Lucene search
K

4 matches found

Check Point Advisories
Check Point Advisories
added 2014/04/13 12:0 a.m.3 views

Symantec LiveUpdate Administrator Security Bypass (CVE-2014-1644)

A security policy bypass vulnerability exists in Symantec LiveUpdate Administrator. The vulnerability is due to a failure to validate temporary passwords when processing a user account password reset. A remote unauthenticated attacker could exploit this vulnerability by sending a malicious reques...

7.5CVSS6.6AI score0.02639EPSS
Exploits1
securityvulns
securityvulns
added 2014/03/31 12:0 a.m.79 views

SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator

SEC Consult Vulnerability Lab Security Advisory 20140328-0 ======================================================================= title: Multiple critical vulnerabilities product: Symantec LiveUpdate Administrator vulnerable version: = 2.3.2.99 fixed version: 2.3.2.110 impact: critical CVE numbe...

7.5CVSS0.5AI score0.02639EPSS
Exploits2
seebug.org
seebug.org
added 2014/03/31 12:0 a.m.24 views

Symantec LiveUpdate Administrator未授权访问漏洞

Bugtraq ID:66399 CVE ID:CVE-2014-1644 Symantec LiveUpdate Administrator是一款Symantec产品升级管理程序。 Symantec LiveUpdate Administrator管理GUI对登录/密码功能提供不正确的保护,允许攻击者在知道目标用户email地址的情况下,利用重置密码功能重置用户密码,未授权进行访问。 0 Symantec LiveUpdate Administrator 2.x Symantec LiveUpdate Administrator 2.3.2.110已经修复该漏洞,建议用户下载更新:...

7.5CVSS6.5AI score0.02639EPSS
Exploits1
CVE
CVE
added 2014/03/29 1:0 a.m.58 views

CVE-2014-1644

CVE-2014-1644 affects Symantec LiveUpdate Administrator (LUA) 2.x pre-2.3.2.110. The root cause is a flawed forgotten-password flow in the management GUI (/lua/forcepasswd.do) that allows unauthenticated password resets when the attacker knows the target email address, enabling potential full acc...

7.5CVSS6.7AI score0.02639EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder