← Back

CVE-2010-0114

nvd nist
Published: Dec 22, 2010Modified: Apr 29, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request.

Affected (13)

Symantec
1 product
Endpoint Protection
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Symantec
Endpoint Protection
Version 11.0.1
Endpoint Protection
Version 11.0.1 mp1
Endpoint Protection
Version 11.0.2
Endpoint Protection
Version 11.0.2 mp1
Endpoint Protection
Version 11.0.2 mp2
Endpoint Protection
Version 11.0.3001
Endpoint Protection
Version 11.0.4
Endpoint Protection
Version 11.0.4 mp1a
Endpoint Protection
Version 11.0.4 mp2
Endpoint Protection
Version 11.0
Endpoint Protection
Version 11.0 ru5
Endpoint Protection
Version 11.0 ru6
Endpoint Protection
Version 11.0 ru6mp1

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.