CVE-2014-7287

Name: CVE-2014-7287
Creator: NVD / NIST
Published: 2015-02-01T02:59:01.52+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.11%

Last modified Jun 17, 2026

CVE-2014-7287 is a vulnerability of currently unknown severity. The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header.. EPSS estimates a 1.11% chance of exploitation in the next 30 days.

Description

The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header.

Metrics

EPSS Probability

1.11%

61.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-74

Affected Software

Vendor	Product	Versions	Update
Symantec	Encryption Management Server	<= 3.3.2	Mp6
Symantec	Pgp Universal Server	<= 3.3.2	Mp6

References

http://www.securityfocus.com/bid/72307Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1031673
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/100762
http://www.securityfocus.com/bid/72307Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1031673
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/100762

Timeline

Published: Feb 1, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-7287?

How severe is CVE-2014-7287?

Severity scoring for CVE-2014-7287 is pending analysis. The EPSS model estimates a 1.11% probability of exploitation in the next 30 days.

How do I fix CVE-2014-7287?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-7287?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST