CVE-2014-3439

EUVD-2014-3451
ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 UNKNOWN
ADJACENT_NETWORK
LOW
AV:A/AC:L/Au:N/C:N/I:N/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
symantecendpoint_protection_manager
𝑥
≤ 12.1.4
symantecendpoint_protection_manager
12.1.0
symantecendpoint_protection_manager
12.1.1
symantecendpoint_protection_manager
12.1.2
symantecendpoint_protection_manager
12.1.3
𝑥
= Vulnerable software versions
References
http://seclists.org/fulldisclosure/2014/Nov/7
http://www.securityfocus.com/archive/1/533918/100/0/threaded
http://www.securityfocus.com/bid/70845
http://www.securitytracker.com/id/1031176
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00
https://exchange.xforce.ibmcloud.com/vulnerabilities/98527
http://seclists.org/fulldisclosure/2014/Nov/7
http://www.securityfocus.com/archive/1/533918/100/0/threaded
http://www.securityfocus.com/bid/70845
http://www.securitytracker.com/id/1031176
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00
https://exchange.xforce.ibmcloud.com/vulnerabilities/98527