Vulnerability Description
The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Endpoint Protection | 11.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/56846
- http://www.securitytracker.com/id?1027863
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
- http://www.securityfocus.com/bid/56846
- http://www.securitytracker.com/id?1027863
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
FAQ
What is CVE-2012-4348?
CVE-2012-4348 is a vulnerability with a CVSS score of 7.2 (HIGH). The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly va...
How severe is CVE-2012-4348?
CVE-2012-4348 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4348?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Endpoint Protection.