NVD

Id
45761  
Name
CVE-2012-4348  
Description
The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.  
Reject
 
CVSS Version
2  
CVSS Score
7.2  
Severity
High  
CVSS Base Score
7.2  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
4.1  
CVSS Vector
(AV:A/AC:L/Au:M/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2012-12-18  
Modified Date
2013-03-13  
Seq
2012-4348  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
229690 45761 CVE-2012-4348 56846  View
229691 45761 CVE-2012-4348 1027863  View
229692 45761 CVE-2012-4348 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
30038 JVNDB-2012-005745 Symantec Endpoint Protection の管理コンソールにおける任意のコードを実行される脆弱性 Symantec Endpoint Protection (SEP) の管理コンソールは、PHP スクリプトの入力を適切に検証しないため、任意のコードを実行される脆弱性が存在します。 CVE-2012-4348 57586 CVE-2012-4348 45761 7.2 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005745.html 2012-12-10 2012-12-25 View