Vulnerability Details CVE-2014-9229
Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.6%
CVSS Severity
CVSS v2 Score 6.5
References
- http://www.securityfocus.com/bid/75204
- http://www.securitytracker.com/id/1032616
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00
- http://www.securityfocus.com/bid/75204
- http://www.securitytracker.com/id/1032616
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00
Products affected by CVE-2014-9229
-
cpe:2.3:a:symantec:endpoint_protection:-
-
cpe:2.3:a:symantec:endpoint_protection:11
-
cpe:2.3:a:symantec:endpoint_protection:11.0
-
cpe:2.3:a:symantec:endpoint_protection:11.0.1
-
cpe:2.3:a:symantec:endpoint_protection:11.0.2
-
cpe:2.3:a:symantec:endpoint_protection:11.0.3001
-
cpe:2.3:a:symantec:endpoint_protection:11.0.4
-
cpe:2.3:a:symantec:endpoint_protection:11.0.6000
-
cpe:2.3:a:symantec:endpoint_protection:11.0.6100
-
cpe:2.3:a:symantec:endpoint_protection:11.0.6200
-
cpe:2.3:a:symantec:endpoint_protection:11.0.6200.754
-
cpe:2.3:a:symantec:endpoint_protection:11.0.6300
-
cpe:2.3:a:symantec:endpoint_protection:11.0.7
-
cpe:2.3:a:symantec:endpoint_protection:11.0.7.1
-
cpe:2.3:a:symantec:endpoint_protection:11.0.7.2
-
cpe:2.3:a:symantec:endpoint_protection:11.0.7.3
-
cpe:2.3:a:symantec:endpoint_protection:11.0.7000
-
cpe:2.3:a:symantec:endpoint_protection:11.0.7100
-
cpe:2.3:a:symantec:endpoint_protection:12.0
-
cpe:2.3:a:symantec:endpoint_protection:12.0.1001.95
-
cpe:2.3:a:symantec:endpoint_protection:12.0.122.192
-
cpe:2.3:a:symantec:endpoint_protection:12.1
-
cpe:2.3:a:symantec:endpoint_protection:12.1.1
-
cpe:2.3:a:symantec:endpoint_protection:12.1.1.1
-
cpe:2.3:a:symantec:endpoint_protection:12.1.2
-
cpe:2.3:a:symantec:endpoint_protection:12.1.2.1
-
cpe:2.3:a:symantec:endpoint_protection:12.1.3
-
cpe:2.3:a:symantec:endpoint_protection:12.1.4
-
cpe:2.3:a:symantec:endpoint_protection:12.1.4.1
-
cpe:2.3:a:symantec:endpoint_protection:12.1.4.1a
-
cpe:2.3:a:symantec:endpoint_protection:12.1.4.1b
-
cpe:2.3:a:symantec:endpoint_protection:12.1.4a
-
cpe:2.3:a:symantec:endpoint_protection:12.1.5