7.5

CVE-2006-0522

EPSS 1.69%
Published 02.02.2006 11:02:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Sygate Management Server Version <= 4.1_mr_2_build_1417_english

Symantec ≫ Sygate Management Server Version3.5_mr_3_build_894_english

Symantec ≫ Sygate Management Server Version4.0_mr_1_build_1104_english

Symantec ≫ Sygate Management Server Version4.1_ga_build_1258_japanese

Symantec ≫ Sygate Management Server Version4.1_mr1_build_1351_chinese

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.69%	0.814

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/18689

http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html

Patch

Vendor Advisory

http://securitytracker.com/id?1015561

http://www.osvdb.org/22883

http://www.securityfocus.com/bid/16452

http://www.vupen.com/english/advisories/2006/0402

https://exchange.xforce.ibmcloud.com/vulnerabilities/24413

https://nvd.nist.gov/vuln/detail/CVE-2006-0522

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0522

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0522

EUVD