Offentliche Verwaltung Deutschland - Symantec Endpoint Protection Group

 View Only

SYM14-005 Symantec Vulnerability Advisory for Symantec LiveUpdate Administrator 2.3.2.99 and earlier 

Apr 14, 2014 11:56 AM

  • Symantec Product Security has posted SYM14-005 Symantec LiveUpdate Administrator Unauthenticated/Unauthorized Account Access Modification and SQL injections advisory. This is a high severity advisory which affects LiveUpdate Administrator 2.3.2.99 and earlier. As part of normal best practices, Symantec strongly recommends keeping all operating systems and applications updated with the latest vendor patches.

Affected Products

Product

Version

Build

Solution(s)

Symantec LiveUpdate Administrator

2.x

2.3.2 and prior

Upgrade to LUA 2.3.2.110

 

CVE: These issues are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

CVE

BID

Description

CVE-2014-1644

BID 66399

LUA Unauthorized Account Access Modification

CVE-2014-1645

BID 66400

LUA Unauthenticated SQL Injection

 

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1644
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1644

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1645
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1645

 

 

Reference document for migration: http://www.symantec.com/docs/TECH134809

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.