Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-7288

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2014-7288
Last Modified 02 Mar 2015 09:59:46
Published 31 Jan 2015 09:59:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-7288

Summary

Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.

Vulnerable Systems

Application

  • Symantec Encryption Management Server 3.3.2

  • Symantec Pgp Universal Server 3.3.2


References

CONFIRM - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00

BID - 72308

XF - symantec-cve20147288-command-exec(100763)

OSVDB - 117766

EXPLOIT-DB - 35949


Last Updated: 27 May 2016 11:07:57