Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2006-0522
Last Modified 07 Mar 2011 09:30:14
Published 02 Feb 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0522

Summary

SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL.

Vulnerable Systems

Application

  • Symantec Sygate Management Server 3.5 Mr 3 Build 894 English

  • Symantec Sygate Management Server 4.0 Mr 1 Build 1104 English

  • Symantec Sygate Management Server 4.1 Ga Build 1258 Japanese

  • Symantec Sygate Management Server 4.1 Mr 2 Build 1417 English

  • Symantec Sygate Management Server 4.1 Mr1 Build 1351 Chinese


References

CONFIRM - http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html

VUPEN - ADV-2006-0402

XF - symantec-sms-sql-injection(24413)

BID - 16452

OSVDB - 22883

SECTRACK - 1015561

SECUNIA - 18689


Last Updated: 27 May 2016 10:41:41