SQL Injection Vulnerability in Symantec Critical System Protection and Data Center Security
CVE-2014-7289

Currently unrated

Key Information:

Vendor: Broadcom
Status: Symantec Critical System Protection
Vendor: CVE Published:; 21 January 2015

What is CVE-2014-7289?

A SQL injection vulnerability exists in the management server of Symantec Critical System Protection and Symantec Data Center Security: Server Advanced. This flaw allows remote authenticated users to craft malicious HTTP requests that can execute arbitrary SQL commands. If exploited, this could lead to unauthorized access to sensitive data or manipulation of the database, posing significant security risks for affected systems. Users of versions prior to the specified updates are strongly advised to apply patches to mitigate potential threats.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/534527/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/130060/Symantec-SDCS...

x_refsource_MISC

Timeline

Vulnerability published
Jan 21, 2015
Vulnerability Reserved
Oct 2, 2014

Broadcom

What is CVE-2014-7289?

References

Timeline