SQL Injection Vulnerability in Symantec Ghost Solutions Suite
CVE-2006-1284

Currently unrated

Key Information:

Vendor: Symantec
Status: Ghost Solutions Suite; Norton Ghost
Vendor: CVE Published:; 19 March 2006

Summary

The installation of SQLAnywhere within Symantec Ghost 8.0 and 8.2, utilized in Symantec Ghost Solutions Suite 1.0, is affected by a significant vulnerability due to default administrator login credentials. This flaw permits local users to exploit the system by gaining unauthorized privileges and altering tasks, posing severe security risks. Action should be taken to mitigate any potential threats stemming from this oversight.

References

http://securitytracker.com/id?1015733

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/19171

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/17018

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Mar 19, 2006
Vulnerability Reserved
Mar 19, 2006