CVE-2012-4348

Published: Dec 18, 2012Modified: Apr 29, 2026

7.2

Vector

AV:A/AC:L/Au:M/C:C/I:C/A:C

Exploitability: 4.1 / Impact: 10.0

Source: NVD

Description

The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.

Affected (28)

Products: Symantec: Endpoint Protection

Symantec

1 product

Endpoint Protection

Configuration A

23 vulnerable

Vulnerable Software	Affected Versions
Symantec Endpoint Protection	Version 11.0.1
Symantec Endpoint Protection	Version 11.0.1 mp1
Symantec Endpoint Protection	Version 11.0.1 mp2
Symantec Endpoint Protection	Version 11.0.2
Symantec Endpoint Protection	Version 11.0.2 mp1
Symantec Endpoint Protection	Version 11.0.2 mp2
Symantec Endpoint Protection	Version 11.0.3001
Symantec Endpoint Protection	Version 11.0.4
Symantec Endpoint Protection	Version 11.0.4 mp1a
Symantec Endpoint Protection	Version 11.0.4 mp2
Symantec Endpoint Protection	Version 11.0.6000
Symantec Endpoint Protection	Version 11.0.6100
Symantec Endpoint Protection	Version 11.0.6200.754
Symantec Endpoint Protection	Version 11.0.6200
Symantec Endpoint Protection	Version 11.0.6300
Symantec Endpoint Protection	Version 11.0.7000
Symantec Endpoint Protection	Version 11.0.7100
Symantec Endpoint Protection	Version 11.0
Symantec Endpoint Protection	Version 11.0 ru5
Symantec Endpoint Protection	Version 11.0 ru6
Symantec Endpoint Protection	Version 11.0 ru6a
Symantec Endpoint Protection	Version 11.0 ru6mp1
Symantec Endpoint Protection	Version 11.0 ru6mp2