First published: Sat Mar 29 2014(Updated: )
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Credit: secure@symantec.com
Affected Software | Affected Version | How to fix |
---|---|---|
Symantec LiveUpdate Administrator | <=2.3.2 | |
Symantec LiveUpdate Administrator | =2.1.0 | |
Symantec LiveUpdate Administrator | =2.1.2 | |
Symantec LiveUpdate Administrator | =2.1.3 | |
Symantec LiveUpdate Administrator | =2.2.1 | |
Symantec LiveUpdate Administrator | =2.2.2 | |
Symantec LiveUpdate Administrator | =2.2.2.9 | |
Symantec LiveUpdate Administrator | =2.3.0 | |
Symantec LiveUpdate Administrator | =2.3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-1645 has a high severity rating due to the potential for remote attackers to execute arbitrary SQL commands.
To fix CVE-2014-1645, upgrade Symantec LiveUpdate Administrator to version 2.3.2.110 or later.
CVE-2014-1645 affects Symantec LiveUpdate Administrator versions 2.x prior to 2.3.2.110.
CVE-2014-1645 is classified as an SQL injection vulnerability.
Yes, CVE-2014-1645 can be exploited remotely by attackers to execute SQL commands.