7.5

CVE-2013-5014

EPSS 86.2%
Published 14.02.2014 13:10:27
Last modified 11.04.2025 00:51:21
Source secure@symantec.com
Teams watchlist Login
Open Login

The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Endpoint Protection Manager Version11.0

Symantec ≫ Endpoint Protection Manager Version12.1.0

Symantec ≫ Endpoint Protection Manager Version12.1.1

Symantec ≫ Endpoint Protection Manager Version12.1.2

Symantec ≫ Endpoint Protection Manager Version12.1.3

Symantec ≫ Protection Center Version12.0 SwEditionsmall_business

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	86.2%	0.993

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.exploit-db.com/exploits/31853

http://www.exploit-db.com/exploits/31917

http://www.securityfocus.com/bid/65466

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00

Vendor Advisory

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txt

https://nvd.nist.gov/vuln/detail/CVE-2013-5014

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-5014

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-5014

EUVD