CVE-2013-5014
Symantec Endpoint Protection Manager - Remote Command Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
6Exploited in Wild
-Decision
Descriptions
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
La consola de gestión en Symantec Endpoint Protection Manager (SEPM) 11.0 anteriorm a 11.0.7405.1424 y 12.1 anterior a 12.1.4023.4080 y Symantec Protection Center Small Business Edition 12.x anterior a 12.1.4023.4080, permite a atacantes remotos leer archivos arbitrarios a través de datos XML conteniendo una declaración de entidad externa en conjunción con una referencia de entidad, relacionado con un problema XML External Entity (XXE).
Symantec Endpoint Protection versions 11.0, 12.0, and 12.1 suffer from unauthenticated XML external entity injection and unauthenticated local SQL injection vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-07-29 CVE Reserved
- 2014-02-14 CVE Published
- 2014-02-23 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (9)
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/125366 | 2014-02-23 | |
| https://packetstorm.news/files/id/125410 | 2014-02-26 | |
| https://www.exploit-db.com/exploits/31917 | 2014-02-26 | |
| https://www.exploit-db.com/exploits/31853 | 2014-02-23 | |
| http://www.exploit-db.com/exploits/31853 | 2024-08-06 | |
| http://www.exploit-db.com/exploits/31917 | 2024-08-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Symantec Search vendor "Symantec" | Endpoint Protection Manager Search vendor "Symantec" for product "Endpoint Protection Manager" | 11.0 Search vendor "Symantec" for product "Endpoint Protection Manager" and version "11.0" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Endpoint Protection Manager Search vendor "Symantec" for product "Endpoint Protection Manager" | 12.1.0 Search vendor "Symantec" for product "Endpoint Protection Manager" and version "12.1.0" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Endpoint Protection Manager Search vendor "Symantec" for product "Endpoint Protection Manager" | 12.1.1 Search vendor "Symantec" for product "Endpoint Protection Manager" and version "12.1.1" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Endpoint Protection Manager Search vendor "Symantec" for product "Endpoint Protection Manager" | 12.1.2 Search vendor "Symantec" for product "Endpoint Protection Manager" and version "12.1.2" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Endpoint Protection Manager Search vendor "Symantec" for product "Endpoint Protection Manager" | 12.1.3 Search vendor "Symantec" for product "Endpoint Protection Manager" and version "12.1.3" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Protection Center Search vendor "Symantec" for product "Protection Center" | 12.0 Search vendor "Symantec" for product "Protection Center" and version "12.0" | small_business |
Affected
| ||||||