Affected Products
Product
Version
Build
Solution(s)
Symantec LiveUpdate Administrator
2.x
2.3.2 and prior
Upgrade to LUA 2.3.2.110
CVE: These issues are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
CVE
BID
Description
CVE-2014-1644
BID 66399
LUA Unauthorized Account Access Modification
CVE-2014-1645
BID 66400
LUA Unauthenticated SQL Injection
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1644 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1645 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1645
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1644 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1645 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1645
Reference document for migration: http://www.symantec.com/docs/TECH134809