CVE-2015-1491SQL Injection in Endpoint Protection Manager

CWE-89SQL Injection3 documents3 sources
Severity
6.0MEDIUMNVD
EPSS
1.0%
top 22.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Endpoint Protection Manager
Timeline
PublishedAug 1
Latest updateMay 17

Description

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-rxq9-4v32-p8qp: SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 122022-05-17
CVEList
CVE-2015-1491: SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 122015-08-01
CVE-2015-1491 — SQL Injection in Symantec | cvebase