CVE-2006-0522

critical

Description

SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24413

http://www.vupen.com/english/advisories/2006/0402

http://www.securityfocus.com/bid/16452

http://www.osvdb.org/22883

http://securitytracker.com/id?1015561

http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html

http://secunia.com/advisories/18689

Details

Source: Mitre, NVD

Published: 2006-02-02

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01251