CVE-2018-12244

moderate-risk

Published 2019-04-25

SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.

Do I need to act?

-

0.38% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

6

CVSS 6.3/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Endpoint Protection

Affected Vendors

Symantec

References (4)

Vendor Advisory https://support.symantec.com/en_US/article.SYMSA1479.html

Third Party Advisory https://www.securityfocus.com/bid/107999

Vendor Advisory https://support.symantec.com/en_US/article.SYMSA1479.html

Third Party Advisory https://www.securityfocus.com/bid/107999

49

/ 100

moderate-risk

Severity 23/34 · High

Exploitability 1/34 · Minimal

Exposure 25/34 · High