Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2014-1644
Last Modified: 31 Mar 2014 12:40:14
Published: 28 Mar 2014 09:55:07
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-1644

Summary

The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.

Vulnerable Systems

Application

  • Symantec LiveUpdate Administrator 2.1.0
  • Symantec LiveUpdate Administrator 2.1.2
  • Symantec LiveUpdate Administrator 2.1.3
  • Symantec LiveUpdate Administrator 2.2.1
  • Symantec LiveUpdate Administrator 2.2.2
  • Symantec LiveUpdate Administrator 2.2.2.9
  • Symantec LiveUpdate Administrator 2.3.0
  • Symantec LiveUpdate Administrator 2.3.1
  • Symantec LiveUpdate Administrator 2.3.2

References

MISC - https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt

CONFIRM - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140327_00

BID - 66399

BUGTRAQ - 20140328 SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator


Last Updated: 27 May 2016 11:04:48