Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveSymantecCVE-2014-3437
HistoryNov 07, 2014 - 11:55 a.m.

CVE-2014-3437

2014-11-0711:55:03
symantec
web.nvd.nist.gov
44
cve-2014-3437
symantec
sepm
ru5
xml
xxe
nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.05

Percentile

92.9%

JSON

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

Nvd
Node
symantecendpoint_protection_managerRange12.1.4
OR
symantecendpoint_protection_managerMatch12.1.0
OR
symantecendpoint_protection_managerMatch12.1.1
OR
symantecendpoint_protection_managerMatch12.1.2
OR
symantecendpoint_protection_managerMatch12.1.3
VendorProductVersionCPE
symantecendpoint_protection_manager*cpe:2.3:a:symantec:endpoint_protection_manager:*:*:*:*:*:*:*:*
symantecendpoint_protection_manager12.1.0cpe:2.3:a:symantec:endpoint_protection_manager:12.1.0:*:*:*:*:*:*:*
symantecendpoint_protection_manager12.1.1cpe:2.3:a:symantec:endpoint_protection_manager:12.1.1:*:*:*:*:*:*:*
symantecendpoint_protection_manager12.1.2cpe:2.3:a:symantec:endpoint_protection_manager:12.1.2:*:*:*:*:*:*:*
symantecendpoint_protection_manager12.1.3cpe:2.3:a:symantec:endpoint_protection_manager:12.1.3:*:*:*:*:*:*:*

Related

cvelist 1
nvd 1
prion 1
securityvulns 2
openvas 1
nessus 1
symantec 1
exploitpack 1
exploitdb 1
packetstorm 1
zdt 1
seebug 1
cvelist
cvelist
CVE-2014-3437
2014-11-07 11:00:00
nvd
nvd
CVE-2014-3437
2014-11-07 11:55:03
prion
prion
Xxe
2014-11-07 11:55:00
securityvulns
securityvulns
Symantec Endpoint Protection multiple security vulnerabilities
2014-11-10 00:00:00
SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection
2014-11-10 00:00:00
openvas
openvas
Symantec Endpoint Protection Manager Multiple Vulnerabilities (Dec 2014)
2014-12-04 00:00:00
nessus
nessus
Symantec Endpoint Protection Manager < 12.1 RU5 Multiple Vulnerabilities (SYM14-015)
2014-11-10 00:00:00
symantec
symantec
Symantec Endpoint Protection Manager Multiple Issues
2014-11-05 08:00:00
exploitpack
exploitpack
Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities
2014-11-06 00:00:00
exploitdb
exploitdb
Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities
2014-11-06 00:00:00
packetstorm
packetstorm
Symantec Endpoint Protection 12.1.4023.4080 XXE / XSS / Arbitrary File Write
2014-11-06 00:00:00
zdt
zdt
Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities
2014-11-06 00:00:00
seebug
seebug
Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities
2014-11-13 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.05

Percentile

92.9%

JSON
Related for CVE-2014-3437
cvelist1nvd1prion1securityvulns2openvas1nessus1symantec1exploitpack1exploitdb1packetstorm1zdt1seebug1