SQL Injection Vulnerability in Symantec Endpoint Protection Manager and Symantec Protection Center
CVE-2013-5015

Currently unrated

Key Information:

Vendor: Symantec
Status: Protection Center; Endpoint Protection Manager
Vendor: CVE Published:; 14 February 2014

Summary

The SQL injection vulnerability found in Symantec Endpoint Protection Manager and Symantec Protection Center Small Business Edition enables remote authenticated users to execute arbitrary SQL code. This issue affects specific versions of the software, allowing a potential attacker to manipulate the database via SQL queries and access sensitive information or modify the database contents. It is crucial for users of the affected products to apply available security updates to mitigate this risk.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...

x_refsource_MISC

http://www.exploit-db.com/exploits/31853

exploitx_refsource_EXPLOIT-DB

EPSS Score

74% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 14, 2014
Vulnerability Reserved
Jul 29, 2013