SQL Injection in F-secure Anti-virus

CVE-2013-7369

SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before H…

Vulnerability class: SQL Injection

EPSS: 0.004 (58.9th percentile) — read the EPSS interpretation.

Affected products

F-secure Anti-virus — versions 9.00, 9.10
F-secure Email_and_server_security — versions 9.20
F-secure Server_security — versions 9.20
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)