Unrated severityNVD Advisory· Published Apr 18, 2014· Updated May 6, 2026

CVE-2013-7369

Description

SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand.

Affected products

F-Secure/Anti Virus4 versions
cpe:2.3:a:f-secure:anti-virus:9.00:*:*:*:*:citrix_servers:*:*+ 3 more
- cpe:2.3:a:f-secure:anti-virus:9.00:*:*:*:*:citrix_servers:*:*
- cpe:2.3:a:f-secure:anti-virus:9.00:*:*:*:*:exchange_server:*:*
- cpe:2.3:a:f-secure:anti-virus:9.00:*:*:*:*:windows_server:*:*
- cpe:2.3:a:f-secure:anti-virus:9.10:*:*:*:*:exchange_server:*:*
F-Secure/Email And Server Security
cpe:2.3:a:f-secure:email_and_server_security:9.20:*:*:*:*:*:*:*
F-Secure/Server Security
cpe:2.3:a:f-secure:server_security:9.20:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.f-secure.com/en/web/labs_global/fsc-2013-1nvdVendor Advisory
www.zerodayinitiative.com/advisories/ZDI-13-095/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000