CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-7369

SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.6%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.f-secure.com/en/web/labs_global/fsc-2013-1
http://www.zerodayinitiative.com/advisories/ZDI-13-095/
http://www.f-secure.com/en/web/labs_global/fsc-2013-1
http://www.zerodayinitiative.com/advisories/ZDI-13-095/

Products affected by CVE-2013-7369

F-Secure » Anti-Virus » Version: 9.00

cpe:2.3:a:f-secure:anti-virus:9.00
F-Secure » Anti-Virus » Version: 9.10

cpe:2.3:a:f-secure:anti-virus:9.10
F-Secure » Email And Server Security » Version: 9.20

cpe:2.3:a:f-secure:email_and_server_security:9.20
F-Secure » Server Security » Version: 9.20

cpe:2.3:a:f-secure:server_security:9.20

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-7369

Products

Pricing

Contact Us