SQL Injection Vulnerability in Symantec LiveUpdate Administrator Management Interface
CVE-2014-1645

Currently unrated

Key Information:

Vendor: Symantec
Status: Liveupdate Administrator
Vendor: CVE Published:; 29 March 2014

What is CVE-2014-1645?

A SQL injection vulnerability exists in the management GUI of Symantec LiveUpdate Administrator (LUA) earlier than version 2.3.2.110. This flaw allows remote attackers to manipulate database queries by injecting arbitrary SQL commands through unspecified vectors, potentially compromising the integrity and security of the system. Organizations using affected versions of LUA should take immediate action to mitigate the risk associated with this vulnerability.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/bugtraq/2014-03/01...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/66400

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 29, 2014
Vulnerability Reserved
Jan 23, 2014