Required CVE Record Information
Description
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References 6 Total
- seclists.org: 20141106 SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection mailing-list
- exchange.xforce.ibmcloud.com: symantec-endpoint-cve20143437-info-disc(98525) vdb-entry
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00
- securityfocus.com: 70843 vdb-entry
- securityfocus.com: 20141106 SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection mailing-list
- securitytracker.com: 1031176 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 6 Total
- seclists.org: 20141106 SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection mailing-listx_transferred
- exchange.xforce.ibmcloud.com: symantec-endpoint-cve20143437-info-disc(98525) vdb-entryx_transferred
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00 x_transferred
- securityfocus.com: 70843 vdb-entryx_transferred
- securityfocus.com: 20141106 SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection mailing-listx_transferred
- securitytracker.com: 1031176 vdb-entryx_transferred