PHP Vulnerability Assessment for Endpoint Protection Manager

search cancel

PHP Vulnerability Assessment for Endpoint Protection Manager

book

Article ID: 369503

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Is Symantec Endpoint Protection Manager (SEPM) affected by the following PHP Vulnerabilities:

CVE-2024-1874
CVE-2024-2408
CVE-2024-4577
CVE-2024-5458
CVE-2024-5585

Environment

Symantec Endpoint Protection 14.3.x

Resolution

CVE-2024-1874: Not affected. SEPM 14.3 RU8 uses PHP 8.0.28. Versions 8.0.x are not impacted.
CVE-2024-2408: Not affected. SEPM does not use the openssl_private_decrypt function in reporting (PHP).
CVE-2024-4577: Not Vulnerable. The PHP command lines are fixed and do not take user inputs in SEPM. The CVE cannot be exploited.
CVE-2024-5458: Not Vulnerable. FILTER_VALIDATE_URL is not used within our PHP code.
CVE-2024-5585: Not Vulnerable. proc_open is not used within our PHP code.

Additional Information

CRE-18239
CRE-18240
CRE-18290

Feedback

thumb_up Yes

thumb_down No