CVE-2010-0114
Symantec Endpoint Protection Manager < 11 RU6 MP2 - Remote Code Execution via fw_charts.php Report Generation
Title source: llmDescription
fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1024900
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64118
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45372
Third Party Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101215_00
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3252
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-291/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42643
Scores
EPSS
0.0276
EPSS Percentile
86.2%
Details
CWE
CWE-20
Status
published
Products (5)
symantec/endpoint_protection
11.0 (4 CPE variants)
symantec/endpoint_protection
11.0.1 (2 CPE variants)
symantec/endpoint_protection
11.0.2 (3 CPE variants)
symantec/endpoint_protection
11.0.4 (3 CPE variants)
symantec/endpoint_protection
11.0.3001
Published
Dec 22, 2010
Tracked Since
Feb 18, 2026