CVE-2014-7288

Published: Feb 1, 2015Modified: May 6, 2026

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability: 8.0 / Impact: 10.0

Source: NVD

Description

Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.

Affected (2)

Products: Symantec: Encryption Management Server, Pgp Universal Server

Symantec

2 products

Encryption Management Server

Pgp Universal Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Symantec Encryption Management Server	Up to 3.3.2
Symantec Pgp Universal Server	Up to 3.3.2

Related CWEs

CWE-264

References (12)

http://www.exploit-db.com/exploits/35949

Source: secure@symantec.com

http://www.osvdb.org/117766

Source: secure@symantec.com

http://www.securityfocus.com/bid/72308

Source: secure@symantec.com

http://www.securitytracker.com/id/1031673

Source: secure@symantec.com

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00

Source: secure@symantec.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/100763

Source: secure@symantec.com

http://www.exploit-db.com/exploits/35949