CVE-2014-1645

Published Mar 29, 2014

Last updated 3 months ago

CVSS info 7.5

Overview

Description: SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Source: secure@symantec.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30E31DE4-79FD-46CB-B4EF-97C71314F6DD",
            "versionEndIncluding": "2.3.2"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C6436A5-ED76-4A14-B0B7-F34ED9A103B4"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B411C8E3-5C1E-4C05-85EB-27EDDF1BEEF3"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4DA63E2-6474-4DFC-B3D8-74164227385D"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20DC932C-BD80-43C0-A3F8-DC65F0EE1FFE"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C2DE1CE-8A1D-4BEB-86A2-EF5501789A97"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.2.2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6810DD57-BF79-4F38-81C5-8F2B69577E35"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C05A008-A1A0-4CDE-B235-785316EE0055"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BFF96B5-8BC2-47CA-94CC-CD9144E939AC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References