Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-7289

CWE-89 — SQL Injection4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.9%

top 24.70%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Symantec Critical System Protection Symantec Data Center Security

Timeline

PublishedJan 21

Latest updateMay 13

Description

SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

▶NVDsymantec/data_center_security6.0.0

▶NVDbroadcom/symantec_critical_system_protection5.2.9

🔴Vulnerability Details

GHSA

GHSA-4pp2-m693-v6x9: SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5↗2022-05-13

▶

CVEList

CVE-2014-7289: SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5↗2015-01-21

▶

💥Exploits & PoCs

Exploit-DB

Symantec Data Center Security - Multiple Vulnerabilities↗2015-01-26

▶