GCVE - cpe:2.3:a:symantec:endpoint_protection:11.0.2:mp2:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:symantec:endpoint_protection:11.0.2:mp2:*:*:*:*:*:*

part: a version: 11.0.2 update: mp2

Vendor	Symantec (`88d7b611-7ce9-5631-abc6-1312dc87ce23`)
Product	Endpoint Protection (`1caa4441-9002-5822-8157-a8ed6435f3ab`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-5011`	vulnerable	2026-06-03 14:33:20.377073	Details available Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory. Published: 2014-01-10T16:00:00.000Z Updated: 2024-08-06T16:59:41.088Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/64130 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/90226	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5010`	vulnerable	2026-06-03 14:33:20.376267	Details available The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors. Published: 2014-01-10T16:00:00.000Z Updated: 2024-08-06T16:59:41.208Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/64129 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/90225	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5009`	vulnerable	2026-06-03 14:33:20.370109	Details available The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account. Published: 2014-01-10T16:00:00.000Z Updated: 2024-08-06T16:59:41.181Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/64128 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/90224	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-4348`	vulnerable	2026-06-03 14:32:18.466007	Details available The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors. Published: 2012-12-18T20:00:00.000Z Updated: 2024-08-06T20:35:09.115Z Open on db.gcve.eu Reference links http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00 http://www.securityfocus.com/bid/56846 http://www.securitytracker.com/id?1027863	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-3268`	vulnerable	2026-06-03 14:30:30.592778	Details available The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request. Published: 2010-12-22T20:00:00.000Z Updated: 2024-08-07T03:03:18.900Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/515191/100/0/threaded http://secunia.com/advisories/43099 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00 http://www.vupen.com/english/advisories/2010/3206 http://www.coresecurity.com/content/symantec-intel-handler-service-remote-dos	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-0114`	vulnerable	2026-06-03 14:30:02.236315	Details available fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request. Published: 2010-12-22T00:00:00.000Z Updated: 2024-08-07T00:37:53.916Z Open on db.gcve.eu Reference links http://securitytracker.com/id?1024900 https://exchange.xforce.ibmcloud.com/vulnerabilities/64118 http://www.securityfocus.com/bid/45372 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101215_00 http://www.vupen.com/english/advisories/2010/3252	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Symantec Endpoint Protection Version 11.0.2 MR2 MP2

PURL mappings

Vulnerability references

Contribute