What is CVE-2013-5015?

CVE-2013-5015 is a vulnerability in Symantec Endpoint_protection_manager, classified under SQL Injection. Published 2014-02-14.

Is CVE-2013-5015 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Symantec Endpoint_protection_manager

CVE-2013-5015

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.408…

Vulnerability class: SQL Injection

EPSS: 0.645 (98.5th percentile) — read the EPSS interpretation.

Affected products

Symantec Endpoint_protection_manager — versions 11.0, 12.1.0, 12.1.1
Symantec Protection_center — versions 12.0
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)
secure@symantec.com (x_refsource_MISC)
31853 (exploit, x_refsource_EXPLOIT-DB)
31917 (exploit, x_refsource_EXPLOIT-DB)
65467 (vdb-entry, x_refsource_BID)
103306 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2013-5015?: CVE-2013-5015 is a vulnerability in Symantec Endpoint_protection_manager, classified under SQL Injection. Published 2014-02-14.
Is CVE-2013-5015 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.