Symantec LiveUpdate Administrator Unauthenticated Vulnerabilities

Last Update Date: 31 Mar 2014 18:00 Release Date: 31 Mar 2014 3849 Views

RISK: High Risk

High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Two vulnerabilities have been identified in Symantec LiveUpdate Administrator, which can be exploited by remote user to inject SQL commands. A remote user can reset account passwords to arbitrary values.

  • The management web interface does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
  • The management web interface does not provide proper protection for the forgotten password function. A remote user with knowledge of a valid user account email address can reset the target account's password to an arbitrary value.

Impact

  • Security Restriction Bypass

System / Technologies affected

  • Symantec LiveUpdate Administrator 2.3.2 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 2.3.2.110.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Synology DiskStation Manager Multiple Vulnerabilities

28 Mar 2014 3675 Views

Next

Adobe Reader Bypass Sandbox Restrictions Vulnerabilities

31 Mar 2014 3955 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY