Symantec Sygate Management Server SMS Authentication Servlet SQL Injection Vulnerability

Symantec Sygate Management Server is prone to an SQL-injection vulnerability.

The vulnerability specifically affects the SMS Authentication Servlet component of the server.

A remote attacker can pass malicious input to database queries through HTTP GET requests, which can modify the query logic or enable other attacks.

This issue can allow attackers to overwrite the password of any account on the server. This can facilitate a complete compromise if the attacker can overwrite the administrator password.


Copyright 2010, SecurityFocus