Symantec LiveUpdate Administrator Multiple Vulnerabilities

Summary
The host is installed with Symantec LiveUpdate Administrator and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to bypass certain security restrictions and inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Impact Level: Application
Solution
Upgrade to Symantec LiveUpdate Administrator version 2.3.2.110 or later, For updates refer to http://www.symantec.com
Insight
Multiple flaws are due to, - Improper restrictions on access to the 'lua/forcepasswd.do' script. - Improper sanitization of input passed to 'lua/forcepasswd.do' and 'loginforgotpwd' scripts.
Affected
Symantec LiveUpdate Administrator before version 2.x before 2.3.2.110
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References