This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The remote host is affected by multiple vulnerabilities.
The version of Symantec Encryption Management Server listening on the
remote host is prior to version 3.3.2 MP7. It is, therefore, affected
by multiple vulnerabilities :
- A flaw exists in the handling of specially formatted PGP
keys to the integrated key management server. This
allows a remote attacker to inject email headers in
order to manipulate fields within the key or
confirmation email. (CVE-2014-7287)
- A flaw exists in '/usr/bin/pgpbackup' when handling
filename values. This allows an authenticated, local
attacker to execute arbitrary commands with the use of a
pipe character. (CVE-2014-7288)
See also :
Upgrade to version 3.3.2 MP7 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false