This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.
Synopsis :
The version of Symantec Endpoint Protection Manager installed on the
remote host is affected by multiple vulnerabilities.
Description :
The version of Symantec Endpoint Protection Manager (SEPM) running on
the remote host is either 11.x prior to 11.0 RU7-MP4a or 12.x prior to
12.1 RU4a. It is, therefore, affected by multiple vulnerabilities:
- SEPM is affected by an XML external entity injection
  vulnerability due to a failure to properly sanitize
  user-supplied input. A remote, unauthenticated attacker
  could potentially exploit this vulnerability to read
  arbitrary files. (CVE-2013-5014)
- SEPM is affected by a SQL injection vulnerability due to
  a failure to properly sanitize user-supplied input. A
  locally authenticated user could potentially exploit
  this vulnerability to execute arbitrary SQL commands
  against the back-end database. (CVE-2013-5015)
See also :
Solution :
Upgrade to 11.0 RU7-MP4a / 12.1 RU4a or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.9
Public Exploit Available : true