CVE-2013-7369

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand.

Vulnerabilidad de inyección SQL en una DLL no especificada en el control FSDBCom ActiveX en F-Secure Anti-Virus para Microsoft Exchange Server anterior a HF02, Anti-Virus para Windows Servers 9.00 anterior a HF09, Anti-Virus para Citrix Servers 9.00 anterior a HF09, y F-Secure Email y Server Security y F-Secure Server Security 9.20 anterior a HF01 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores desconocidos, relacionado con GetCommand.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-04-18 CVE Reserved
2014-04-18 CVE Published
2024-09-17 CVE Updated
2024-11-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CAPEC

References (2)

URL	Tag	Source
http://www.zerodayinitiative.com/advisories/ZDI-13-095	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.f-secure.com/en/web/labs_global/fsc-2013-1	2014-04-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
F-secure Search vendor "F-secure"		Anti-virus Search vendor "F-secure" for product "Anti-virus"				9.00 Search vendor "F-secure" for product "Anti-virus" and version "9.00"		citrix_servers		Affected
F-secure Search vendor "F-secure"		Anti-virus Search vendor "F-secure" for product "Anti-virus"				9.00 Search vendor "F-secure" for product "Anti-virus" and version "9.00"		exchange_server		Affected
F-secure Search vendor "F-secure"		Anti-virus Search vendor "F-secure" for product "Anti-virus"				9.00 Search vendor "F-secure" for product "Anti-virus" and version "9.00"		windows_server		Affected
F-secure Search vendor "F-secure"		Anti-virus Search vendor "F-secure" for product "Anti-virus"				9.10 Search vendor "F-secure" for product "Anti-virus" and version "9.10"		exchange_server		Affected
F-secure Search vendor "F-secure"		Email And Server Security Search vendor "F-secure" for product "Email And Server Security"				9.20 Search vendor "F-secure" for product "Email And Server Security" and version "9.20"		-		Affected
F-secure Search vendor "F-secure"		Server Security Search vendor "F-secure" for product "Server Security"				9.20 Search vendor "F-secure" for product "Server Security" and version "9.20"		-		Affected