Symantec.Sygate.Authentication.Servlet.SQL.Injection
Description
This indicates a possible attempt to exploit a SQL injection vulnerability in Symantec Sygate Management Server.
The vulnerability is in the SMS Authentication Servlet component of the server. A remote attacker can modify query logic or launch other attacks by passing specially crafted input to the server in HTTP GET requests. As a result, the attacker may be able to overwrite the password of any account, including the administrator account.
Affected Products
Symantec Sygate Management Server Japanese Version 4.1 GA build 1258
Symantec Sygate Management Server English version 4.1 MR 2 build 1417
Symantec Sygate Management Server English version 4.0 MR 1 build 1104
Symantec Sygate Management Server English version 3.5 MR 3 build 894
Symantec Sygate Management Server Chinese Version 4.1 MR1 build 1351
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrades are available from the vendor.
http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-11 | 16.978 |