Symantec Endpoint Protection (SEP) Manager is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary PHP code in the context of the application.
This issue is fixed in the following versions:
Symantec Endpoint Protection 11.0 RU7-MP3 Symantec Endpoint Protection 12.1 RU2
Versions affected:
Symantec Endpoint Protection 11.0 RU7 MP1 0 Symantec Endpoint Protection 11.0 RU6-MP3(11.0.6300) 0 Symantec Endpoint Protection 11.0 RU6-MP2(11.0.6200) 0 Symantec Endpoint Protection 11.0 RU6-MP1(11.0.6100) 0 Symantec Endpoint Protection 12.1 RU1-MP1 Symantec Endpoint Protection 12.1 MP1 Symantec Endpoint Protection 12.1 Symantec Endpoint Protection 12.0 Symantec Endpoint Protection 11.0 RU7 MP2 Symantec Endpoint Protection 11.0 RU7 MP1 Symantec Endpoint Protection 11.0 RU6-MP3(11.0.63 Symantec Endpoint Protection 11.0 RU6-MP2(11.0.62 Symantec Endpoint Protection 11.0 RU6 MP4 Symantec Endpoint Protection 11.0 RU6 MP3 Symantec Endpoint Protection 11.0 RU6 MP2 Symantec Endpoint Protection 11.0 RU6 MP1 Symantec Endpoint Protection 11.0 RU5 Symantec Endpoint Protection 11.0 RU4 Symantec Endpoint Protection 11.0 MR3
References:
http://www.securityfocus.com/bid/56846/discuss
http://www.securityfocus.com/bid/56846