CVE-2014-9229SQL Injection in Endpoint Protection

CWE-89SQL Injection3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 36.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Endpoint Protection
Timeline
PublishedSep 20
Latest updateMay 17

Description

Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-4mp5-2f7x-3mrh: Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 122022-05-17
CVEList
CVE-2014-9229: Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 122015-09-20
CVE-2014-9229 — SQL Injection in Symantec | cvebase