Vulnerability Details CVE-2006-0522
SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/18689
- http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html
- http://securitytracker.com/id?1015561
- http://www.osvdb.org/22883
- http://www.securityfocus.com/bid/16452
- http://www.vupen.com/english/advisories/2006/0402
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24413
- http://secunia.com/advisories/18689
- http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html
- http://securitytracker.com/id?1015561
- http://www.osvdb.org/22883
- http://www.securityfocus.com/bid/16452
- http://www.vupen.com/english/advisories/2006/0402
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24413
Products affected by CVE-2006-0522
-
cpe:2.3:a:symantec:sygate_management_server:-
-
cpe:2.3:a:symantec:sygate_management_server:3.5_mr_3_build_894_english
-
cpe:2.3:a:symantec:sygate_management_server:4.0_mr_1_build_1104_english
-
cpe:2.3:a:symantec:sygate_management_server:4.1_ga_build_1258_japanese
-
cpe:2.3:a:symantec:sygate_management_server:4.1_mr1_build_1351_chinese