SQL Injection in Symantec Endpoint_protection

CVE-2014-9229

Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Admin…

Vulnerability class: SQL Injection

EPSS: 0.004 (63.5th percentile) — read the EPSS interpretation.

Affected products

Symantec Endpoint_protection
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)
75204 (vdb-entry, x_refsource_BID)
1032616 (vdb-entry, x_refsource_SECTRACK)