CVE-2006-0522
Published Feb 2, 2006
Last updated 7 years ago
Overview
- Description
- SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:sygate_management_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4FD9E5B5-20DD-4D3C-9D10-08A043B51C88",
"versionEndIncluding": "4.1_mr_2_build_1417_english"
},
{
"criteria": "cpe:2.3:a:symantec:sygate_management_server:3.5_mr_3_build_894_english:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EAFFADA-1F18-444D-917D-5AEA1CC1A0B8"
},
{
"criteria": "cpe:2.3:a:symantec:sygate_management_server:4.0_mr_1_build_1104_english:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B1958B8-31A2-4C36-81A8-EDA3001DED74"
},
{
"criteria": "cpe:2.3:a:symantec:sygate_management_server:4.1_ga_build_1258_japanese:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80AC3305-3F74-4502-BB0B-E2E2C3FB9941"
},
{
"criteria": "cpe:2.3:a:symantec:sygate_management_server:4.1_mr1_build_1351_chinese:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8DA3C4A-3493-48AD-8B9C-CE8F494F036D"
}
],
"operator": "OR"
}
]
}
]