Vulnerability Description
fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Endpoint Protection | 11.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/42643Vendor Advisory
- http://securitytracker.com/id?1024900
- http://www.securityfocus.com/bid/45372
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
- http://www.vupen.com/english/advisories/2010/3252Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-10-291/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64118
- http://secunia.com/advisories/42643Vendor Advisory
- http://securitytracker.com/id?1024900
- http://www.securityfocus.com/bid/45372
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
- http://www.vupen.com/english/advisories/2010/3252Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-10-291/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64118
FAQ
What is CVE-2010-0114?
CVE-2010-0114 is a vulnerability with a CVSS score of 7.5 (HIGH). fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report...
How severe is CVE-2010-0114?
CVE-2010-0114 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0114?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Endpoint Protection.