CVE-2014-7288
Symantec PGP Universal Server & Encryption Management Server <3.3.2...
Title source: llmDescription
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Paul Craig · textremotewindows
https://www.exploit-db.com/exploits/35949
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031673
Patch, Vendor Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/35949
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/100763
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/117766
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/72308
Scores
EPSS
0.1120
EPSS Percentile
93.5%
Details
CWE
CWE-264
Status
published
Products (2)
symantec/encryption_management_server
< 3.3.2
symantec/pgp_universal_server
< 3.3.2
Published
Feb 01, 2015
Tracked Since
Feb 18, 2026