Today, Symantec released a new security advisory impacting older versions of the Symantec Endpoint Protection Manager (SEPM). Product engineering teams have worked closely with SEC Consult Vulnerability Lab and @virtualminds_es to verify the vulnerabilities. The latest release, SEPM 12.1.5, is available on FileConnect and contains updates that prevent the issues and should be installed to prevent infection.
The issues affect XML External Entity Injection, reflected cross-site scripting and the potential for arbitrary file write/overwrite. The vulnerabilities are considered medium to high severity. With normal SEPM installation the affected port(s) should not be accessible without gaining initial access to the network. Successful exploitation of these vulnerabilities could result in unauthorized user-level access to the SEPM, elevated or application-level access on a server, or network/system access.
If you’re unable to update to 12.1.5 (RU5) immediately, a SEP administrator has two options:
To date, Symantec is not aware of exploitation of or adverse customer impact from these issues. Further details regarding the vulnerabilities should be reviewed in the advisory.
Thanks
If your SEPM is already on 12.1.5, then you're covered. No further action is required.
The vulnerabilities only affect older versions of the Manager. If you already installed 12.1.5, then no further action is required.
We have installed the 12.1.5 a few weeks ago, are we safe or do we need to redownload it?
Here is a link to the advisory...
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00