CVE-2014-7288

🗓️ 01 Feb 2015 02:00:00Reported by symantecType

cve

cve🔗 web.nvd.nist.gov👁 48 Views🌐 WEB

Symantec PGP Server 3.3.2 MP7 allows remote admins to execute arbitrary shell commands

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2014-7288	30 Jan 201500:00	–	circl
CNVD	Symantec Encryption Management Server Local Command Injection Vulnerability	30 Jan 201500:00	–	cnvd
Check Point Advisories	Symantec Encryption Management Server Database Backup Command Injection (CVE-2014-7288)	2 Mar 201500:00	–	checkpoint_advisories
Cvelist	CVE-2014-7288	1 Feb 201502:00	–	cvelist
NVD	CVE-2014-7288	1 Feb 201502:59	–	nvd
OpenVAS	Symantec Encryption Management Server Local Command Injection Vulnerability	18 Jun 201500:00	–	openvas
Packet Storm	Symantec Encryption Gateway Remote Command Injection	17 Jun 201500:00	–	packetstorm
Prion	Design/Logic Flaw	1 Feb 201502:59	–	prion
Symantec	Symantec Encryption Management Server Database Backup Command Line Injection and Email Header Inject	29 Jan 201508:00	–	symantec
Tenable Nessus	Symantec Encryption Management Server < 3.3.2 MP7 Multiple Vulnerabilities	5 Feb 201500:00	–	nessus

NVD

Node

symantec encryption_management_serverRange≤3.3.2mp6

OR

symantec pgp_universal_serverRange≤3.3.2mp6

Source	Link
symantec	www.symantec.com/security_response/securityupdates/detail.jsp
exploit-db	www.exploit-db.com/exploits/35949
osvdb	www.osvdb.org/117766
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/100763
securitytracker	www.securitytracker.com/id/1031673
securityfocus	www.securityfocus.com/bid/72308

Parameter	Position	Path	Description	CWE
filename	nested	/omc/uploadBackup.event	Remote Command Injection via crafted filename during database-backup restore/upload backup action	CWE-264

06 May 2026 22:30Current

7.4High risk

Vulners AI Score7.4

CVSS 29

EPSS0.11203

symantec pgp universal server encryption management server cve-2014-7288 security vulnerability remote code execution