Vulnerability Details CVE-2010-0114
fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/42643
- http://securitytracker.com/id?1024900
- http://www.securityfocus.com/bid/45372
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101215_00
- http://www.vupen.com/english/advisories/2010/3252
- http://www.zerodayinitiative.com/advisories/ZDI-10-291/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64118
- http://secunia.com/advisories/42643
- http://securitytracker.com/id?1024900
- http://www.securityfocus.com/bid/45372
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101215_00
- http://www.vupen.com/english/advisories/2010/3252
- http://www.zerodayinitiative.com/advisories/ZDI-10-291/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64118
Products affected by CVE-2010-0114
-
cpe:2.3:a:symantec:endpoint_protection:11.0
-
cpe:2.3:a:symantec:endpoint_protection:11.0.1
-
cpe:2.3:a:symantec:endpoint_protection:11.0.2
-
cpe:2.3:a:symantec:endpoint_protection:11.0.3001
-
cpe:2.3:a:symantec:endpoint_protection:11.0.4