CVE-2013-5015
Published Feb 14, 2014
Last updated 9 years ago
Overview
- Description
- SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
- Source
- secure@symantec.com
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection_manager:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "13411C59-6D49-47E5-9D5D-4CCDFD980EC9"
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection_manager:12.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "590E3332-512F-44D9-A67C-6F87F6C09D17"
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection_manager:12.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AAC3C870-55F7-410C-9CF6-5DEAC742EA34"
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection_manager:12.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1F71A7F-B7BE-4CA8-B802-5151681BF59A"
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection_manager:12.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C583C973-8B2C-4279-BFFC-2B224954137C"
},
{
"criteria": "cpe:2.3:a:symantec:protection_center:12.0:*:*:*:small_business:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7AC80589-30B7-47CA-9F35-44145DCFC0C3"
}
],
"operator": "OR"
}
]
}
]