CVE-2014-1645

Currently unrated

Key Information:

Vendor: Symantec
Status: Liveupdate Administrator
Vendor: CVE Published:; 29 March 2014

Summary

SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/bugtraq/2014-03/01...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/66400

vdb-entryx_refsource_BID

EPSS Score

62% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 29, 2014
Vulnerability Reserved
Jan 23, 2014