7.5

CVE-2006-0522

EPSS 1.69%
Veröffentlicht 02.02.2006 11:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Symantec ≫ Sygate Management Server Version <= 4.1_mr_2_build_1417_english

Symantec ≫ Sygate Management Server Version3.5_mr_3_build_894_english

Symantec ≫ Sygate Management Server Version4.0_mr_1_build_1104_english

Symantec ≫ Sygate Management Server Version4.1_ga_build_1258_japanese

Symantec ≫ Sygate Management Server Version4.1_mr1_build_1351_chinese

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.69%	0.814

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/18689

http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html

Patch

Vendor Advisory

http://securitytracker.com/id?1015561

http://www.osvdb.org/22883

http://www.securityfocus.com/bid/16452

http://www.vupen.com/english/advisories/2006/0402

https://exchange.xforce.ibmcloud.com/vulnerabilities/24413

https://nvd.nist.gov/vuln/detail/CVE-2006-0522

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0522

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0522

EUVD