7.5

CVE-2013-5014

EPSS 86.2%
Veröffentlicht 14.02.2014 13:10:27
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secure@symantec.com
Teams Watchlist Login
Unerledigt Login

The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Symantec ≫ Endpoint Protection Manager Version11.0

Symantec ≫ Endpoint Protection Manager Version12.1.0

Symantec ≫ Endpoint Protection Manager Version12.1.1

Symantec ≫ Endpoint Protection Manager Version12.1.2

Symantec ≫ Endpoint Protection Manager Version12.1.3

Symantec ≫ Protection Center Version12.0 SwEditionsmall_business

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	86.2%	0.993

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.exploit-db.com/exploits/31853

http://www.exploit-db.com/exploits/31917

http://www.securityfocus.com/bid/65466

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00

Vendor Advisory

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txt

https://nvd.nist.gov/vuln/detail/CVE-2013-5014

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-5014

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-5014

EUVD