Vulnerability Description
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Encryption Management Server | <= 3.3.2 |
| Symantec | Pgp Universal Server | <= 3.3.2 |
Related Weaknesses (CWE)
References
- http://www.exploit-db.com/exploits/35949
- http://www.osvdb.org/117766
- http://www.securityfocus.com/bid/72308
- http://www.securitytracker.com/id/1031673
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100763
- http://www.exploit-db.com/exploits/35949
- http://www.osvdb.org/117766
- http://www.securityfocus.com/bid/72308
- http://www.securitytracker.com/id/1031673
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100763
FAQ
What is CVE-2014-7288?
CVE-2014-7288 is a vulnerability with a CVSS score of 9.0 (HIGH). Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-b...
How severe is CVE-2014-7288?
CVE-2014-7288 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-7288?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Encryption Management Server, Symantec Pgp Universal Server.