Key Management Vulnerability in Symantec PGP Universal Server and Encryption Management Server
CVE-2014-7287

Currently unrated

Key Information:

Vendor: Symantec
Status: Encryption Management Server; Pgp Universal Server
Vendor: CVE Published:; 1 February 2015

What is CVE-2014-7287?

The key-management component in Symantec's PGP Universal Server and Encryption Management Server prior to version 3.3.2 MP7 is susceptible to a flaw that enables remote attackers to inject unintended content into outbound email messages. This vulnerability can be exploited through a specially crafted key UID value within an inbound email, potentially affecting the integrity of the Subject header and other email fields, leading to various security risks.

References

http://www.securitytracker.com/id/1031673

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/72307

vdb-entryx_refsource_BID

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2015
Vulnerability Reserved
Oct 2, 2014