Vulnerabilites related to broadcom - symantec_critical_system_protection
cve-2019-18374
Vulnerability from cvelistv5
Published
2019-11-25 16:22
Modified
2024-08-05 01:54
Severity ?
Summary
Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls.
References
Impacted products
Vendor Product Version
Symantec Critical System Protection (CSP) Version: 8.0
Version: 8.0 HF1
Version: 8.0 MP1
Create a notification for this product.
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:54:14.052Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.symantec.com/us/en/article.SYMSA1498.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Critical System Protection (CSP)",
               vendor: "Symantec",
               versions: [
                  {
                     status: "affected",
                     version: "8.0",
                  },
                  {
                     status: "affected",
                     version: "8.0 HF1",
                  },
                  {
                     status: "affected",
                     version: "8.0 MP1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Authentication Bypass",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-25T16:22:15",
            orgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            shortName: "symantec",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.symantec.com/us/en/article.SYMSA1498.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@symantec.com",
               ID: "CVE-2019-18374",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Critical System Protection (CSP)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "8.0",
                                       },
                                       {
                                          version_value: "8.0 HF1",
                                       },
                                       {
                                          version_value: "8.0 MP1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Symantec",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Authentication Bypass",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.symantec.com/us/en/article.SYMSA1498.html",
                     refsource: "CONFIRM",
                     url: "https://support.symantec.com/us/en/article.SYMSA1498.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
      assignerShortName: "symantec",
      cveId: "CVE-2019-18374",
      datePublished: "2019-11-25T16:22:15",
      dateReserved: "2019-10-23T00:00:00",
      dateUpdated: "2024-08-05T01:54:14.052Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-9226
Vulnerability from cvelistv5
Published
2015-01-21 11:00
Modified
2024-08-06 13:40
Severity ?
Summary
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:40:23.891Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
               },
               {
                  name: "72095",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/72095",
               },
               {
                  name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
               },
               {
                  name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2015/Jan/91",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-01-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            shortName: "symantec",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
            },
            {
               name: "72095",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/72095",
            },
            {
               name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
            },
            {
               name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2015/Jan/91",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@symantec.com",
               ID: "CVE-2014-9226",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
                     refsource: "CONFIRM",
                     url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
                  },
                  {
                     name: "72095",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/72095",
                  },
                  {
                     name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
                  },
                  {
                     name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2015/Jan/91",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
      assignerShortName: "symantec",
      cveId: "CVE-2014-9226",
      datePublished: "2015-01-21T11:00:00",
      dateReserved: "2014-12-03T00:00:00",
      dateUpdated: "2024-08-06T13:40:23.891Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-9225
Vulnerability from cvelistv5
Published
2015-01-21 11:00
Modified
2024-08-06 13:40
Severity ?
Summary
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:40:24.001Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
               },
               {
                  name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
               },
               {
                  name: "72094",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/72094",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
               },
               {
                  name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2015/Jan/91",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-01-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            shortName: "symantec",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
            },
            {
               name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
            },
            {
               name: "72094",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/72094",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
            },
            {
               name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2015/Jan/91",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@symantec.com",
               ID: "CVE-2014-9225",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
                     refsource: "CONFIRM",
                     url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
                  },
                  {
                     name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
                  },
                  {
                     name: "72094",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/72094",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
                  },
                  {
                     name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2015/Jan/91",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
      assignerShortName: "symantec",
      cveId: "CVE-2014-9225",
      datePublished: "2015-01-21T11:00:00",
      dateReserved: "2014-12-03T00:00:00",
      dateUpdated: "2024-08-06T13:40:24.001Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-8798
Vulnerability from cvelistv5
Published
2016-06-08 14:00
Modified
2024-08-06 08:29
Severity ?
Summary
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T08:29:22.024Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
               },
               {
                  name: "90884",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/90884",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-06-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-08T12:57:01",
            orgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            shortName: "symantec",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
            },
            {
               name: "90884",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/90884",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@symantec.com",
               ID: "CVE-2015-8798",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
                     refsource: "CONFIRM",
                     url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
                  },
                  {
                     name: "90884",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/90884",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
      assignerShortName: "symantec",
      cveId: "CVE-2015-8798",
      datePublished: "2016-06-08T14:00:00",
      dateReserved: "2016-02-02T00:00:00",
      dateUpdated: "2024-08-06T08:29:22.024Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-8157
Vulnerability from cvelistv5
Published
2016-06-08 14:00
Modified
2024-08-06 08:13
Severity ?
Summary
SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T08:13:31.691Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "90889",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/90889",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-06-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-08T12:57:01",
            orgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            shortName: "symantec",
         },
         references: [
            {
               name: "90889",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/90889",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@symantec.com",
               ID: "CVE-2015-8157",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "90889",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/90889",
                  },
                  {
                     name: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
                     refsource: "CONFIRM",
                     url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
      assignerShortName: "symantec",
      cveId: "CVE-2015-8157",
      datePublished: "2016-06-08T14:00:00",
      dateReserved: "2015-11-13T00:00:00",
      dateUpdated: "2024-08-06T08:13:31.691Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-7289
Vulnerability from cvelistv5
Published
2015-01-21 11:00
Modified
2024-08-06 12:47
Severity ?
Summary
SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T12:47:32.494Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
               },
               {
                  name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
               },
               {
                  name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2015/Jan/91",
               },
               {
                  name: "72092",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/72092",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-01-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            shortName: "symantec",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
            },
            {
               name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
            },
            {
               name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2015/Jan/91",
            },
            {
               name: "72092",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/72092",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@symantec.com",
               ID: "CVE-2014-7289",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
                     refsource: "CONFIRM",
                     url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
                  },
                  {
                     name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
                  },
                  {
                     name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2015/Jan/91",
                  },
                  {
                     name: "72092",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/72092",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
      assignerShortName: "symantec",
      cveId: "CVE-2014-7289",
      datePublished: "2015-01-21T11:00:00",
      dateReserved: "2014-10-02T00:00:00",
      dateUpdated: "2024-08-06T12:47:32.494Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-8800
Vulnerability from cvelistv5
Published
2016-06-08 14:00
Modified
2024-08-06 08:29
Severity ?
Summary
Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T08:29:22.044Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
               },
               {
                  name: "90886",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/90886",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-06-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-08T12:57:01",
            orgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            shortName: "symantec",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
            },
            {
               name: "90886",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/90886",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@symantec.com",
               ID: "CVE-2015-8800",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
                     refsource: "CONFIRM",
                     url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
                  },
                  {
                     name: "90886",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/90886",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
      assignerShortName: "symantec",
      cveId: "CVE-2015-8800",
      datePublished: "2016-06-08T14:00:00",
      dateReserved: "2016-02-02T00:00:00",
      dateUpdated: "2024-08-06T08:29:22.044Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-5016
Vulnerability from cvelistv5
Published
2014-05-08 10:00
Modified
2024-08-06 16:59
Severity ?
Summary
Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:59:41.293Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "67161",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/67161",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140502_00",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-05-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-05-08T07:57:00",
            orgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            shortName: "symantec",
         },
         references: [
            {
               name: "67161",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/67161",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140502_00",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@symantec.com",
               ID: "CVE-2013-5016",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "67161",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/67161",
                  },
                  {
                     name: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140502_00",
                     refsource: "CONFIRM",
                     url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140502_00",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
      assignerShortName: "symantec",
      cveId: "CVE-2013-5016",
      datePublished: "2014-05-08T10:00:00",
      dateReserved: "2013-07-29T00:00:00",
      dateUpdated: "2024-08-06T16:59:41.293Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3440
Vulnerability from cvelistv5
Published
2015-01-21 11:00
Modified
2024-08-06 10:43
Severity ?
Summary
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.835Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
               },
               {
                  name: "20150509 CVE-2014-3440 - Symantec Critical System Protection RCE",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2015/May/39",
               },
               {
                  name: "72091",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/72091",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-01-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-30T15:57:01",
            orgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            shortName: "symantec",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
            },
            {
               name: "20150509 CVE-2014-3440 - Symantec Critical System Protection RCE",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2015/May/39",
            },
            {
               name: "72091",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/72091",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@symantec.com",
               ID: "CVE-2014-3440",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
                     refsource: "CONFIRM",
                     url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
                  },
                  {
                     name: "20150509 CVE-2014-3440 - Symantec Critical System Protection RCE",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2015/May/39",
                  },
                  {
                     name: "72091",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/72091",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
      assignerShortName: "symantec",
      cveId: "CVE-2014-3440",
      datePublished: "2015-01-21T11:00:00",
      dateReserved: "2014-05-09T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.835Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-8799
Vulnerability from cvelistv5
Published
2016-06-08 14:00
Modified
2024-08-06 08:29
Severity ?
Summary
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T08:29:21.997Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
               },
               {
                  name: "90885",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/90885",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-06-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-08T12:57:01",
            orgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            shortName: "symantec",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
            },
            {
               name: "90885",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/90885",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@symantec.com",
               ID: "CVE-2015-8799",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
                     refsource: "CONFIRM",
                     url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
                  },
                  {
                     name: "90885",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/90885",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
      assignerShortName: "symantec",
      cveId: "CVE-2015-8799",
      datePublished: "2016-06-08T14:00:00",
      dateReserved: "2016-02-02T00:00:00",
      dateUpdated: "2024-08-06T08:29:21.997Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-9224
Vulnerability from cvelistv5
Published
2015-01-21 11:00
Modified
2024-08-06 13:40
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:40:24.641Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
               },
               {
                  name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
               },
               {
                  name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2015/Jan/91",
               },
               {
                  name: "72093",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/72093",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-01-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            shortName: "symantec",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
            },
            {
               name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
            },
            {
               name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2015/Jan/91",
            },
            {
               name: "72093",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/72093",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@symantec.com",
               ID: "CVE-2014-9224",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
                     refsource: "CONFIRM",
                     url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
                  },
                  {
                     name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
                  },
                  {
                     name: "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2015/Jan/91",
                  },
                  {
                     name: "72093",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/72093",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
      assignerShortName: "symantec",
      cveId: "CVE-2014-9224",
      datePublished: "2015-01-21T11:00:00",
      dateReserved: "2014-12-03T00:00:00",
      dateUpdated: "2024-08-06T13:40:24.641Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2015-01-21 15:17
Modified
2024-11-21 02:08
Severity ?
Summary
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_critical_system_protection:5.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "4376B4E1-D8F4-4637-A884-B67DB2856976",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:symantec:data_center_security:6.0.0:*:*:*:server_advanced:*:*:*",
                     matchCriteriaId: "6D34F7FE-41FE-4C25-A680-E968AF454770",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.",
      },
      {
         lang: "es",
         value: "La interfaz de control de agente en el servidor de administración en Symantec Critical System Protection (SCSP) 5.2.9 anterior a MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x anterior a 6.0 MP1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios mediante el aprovechamiento del sistema de acceso de cliente para cargar un fichero de log.",
      },
   ],
   id: "CVE-2014-3440",
   lastModified: "2024-11-21T02:08:06.057",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-01-21T15:17:00.057",
   references: [
      {
         source: "secure@symantec.com",
         url: "http://seclists.org/fulldisclosure/2015/May/39",
      },
      {
         source: "secure@symantec.com",
         url: "http://www.securityfocus.com/bid/72091",
      },
      {
         source: "secure@symantec.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/fulldisclosure/2015/May/39",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/72091",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
      },
   ],
   sourceIdentifier: "secure@symantec.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-01-21 15:17
Modified
2024-11-21 02:16
Severity ?
Summary
SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_critical_system_protection:5.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "4376B4E1-D8F4-4637-A884-B67DB2856976",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:symantec:data_center_security:6.0.0:*:*:*:server_advanced:*:*:*",
                     matchCriteriaId: "6D34F7FE-41FE-4C25-A680-E968AF454770",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en la administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 anterior a MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x anterior a 6.0 MP1 permite usuarios remotos autenticados ejecutar comandos arbitrarios SQL a través de peticiones HTTP modificadas.",
      },
   ],
   id: "CVE-2014-7289",
   lastModified: "2024-11-21T02:16:41.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-01-21T15:17:02.353",
   references: [
      {
         source: "secure@symantec.com",
         url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
      },
      {
         source: "secure@symantec.com",
         url: "http://seclists.org/fulldisclosure/2015/Jan/91",
      },
      {
         source: "secure@symantec.com",
         url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
      },
      {
         source: "secure@symantec.com",
         url: "http://www.securityfocus.com/bid/72092",
      },
      {
         source: "secure@symantec.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/fulldisclosure/2015/Jan/91",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/72092",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
      },
   ],
   sourceIdentifier: "secure@symantec.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-05-08 10:55
Modified
2024-11-21 01:56
Severity ?
Summary
Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_critical_system_protection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D72CD8B7-5AC3-4C9F-8D29-6097852B2AB5",
                     versionEndIncluding: "5.2.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_2003_server:*:r2:*:*:*:*:*:*",
                     matchCriteriaId: "7A83A9DC-224F-4887-A4AE-9071B081AE37",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Symantec Critical System Protection (SCSP) anterior a 5.2.9, cuando se instala en una plataforma R2 de Windows Server 2003 sin parches , permite a atacantes remotos evadir configuraciones de política a través de vectores no especificados.",
      },
   ],
   id: "CVE-2013-5016",
   lastModified: "2024-11-21T01:56:54.233",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.6,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:H/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-05-08T10:55:02.840",
   references: [
      {
         source: "secure@symantec.com",
         url: "http://www.securityfocus.com/bid/67161",
      },
      {
         source: "secure@symantec.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140502_00",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/67161",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140502_00",
      },
   ],
   sourceIdentifier: "secure@symantec.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-06-08 14:59
Modified
2024-11-21 02:39
Summary
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_critical_system_protection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "250C7F02-77FB-4F1B-B109-F4367CBC8667",
                     versionEndIncluding: "5.2.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_data_center_security_server:*:*:*:*:advanced:*:*:*",
                     matchCriteriaId: "1A0FE51C-CE1E-4595-B03A-35E2C1BA9229",
                     versionEndExcluding: "6.5.0",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_data_center_security_server:6.5.0:-:*:*:advanced:*:*:*",
                     matchCriteriaId: "0C909554-4361-4C0B-96BA-9E0825B08FDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_data_center_security_server:6.6.0:*:*:*:advanced:*:*:*",
                     matchCriteriaId: "763B119A-55D0-46B1-89A7-2FB2A7499CFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_data_center_security_server_and_agents:6.6.0:*:*:*:advanced:*:*:*",
                     matchCriteriaId: "DAE82126-DDBC-4DD5-A369-CFF47BC0B9C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE99D18B-5E30-458B-9052-499F86F1874A",
                     versionEndIncluding: "1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection_for_controllers_and_devices:6.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D28DA7-8880-4A84-8FCB-EE6D8F9964C0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en el Management Server en Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x en versiones anteriores a 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 en versiones anteriores a MP1, Critical System Protection (SCSP) en versiones anteriores a 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x en versiones anteriores a 6.5 MP1 y 6.6 en versiones anteriores a MP1 y Data Center Security: Server Advanced Server y Agents (DCS:SA) hasta la versión 6.6 MP1 permite a usuarios remotos autenticados escribir los datos de actualización de paquete en localizaciones de agentes arbitrarias a través de vectores no especificados.",
      },
   ],
   id: "CVE-2015-8799",
   lastModified: "2024-11-21T02:39:13.400",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.1,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:H/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-06-08T14:59:09.793",
   references: [
      {
         source: "secure@symantec.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/90885",
      },
      {
         source: "secure@symantec.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/90885",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
      },
   ],
   sourceIdentifier: "secure@symantec.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-06-08 14:59
Modified
2024-11-21 02:38
Summary
SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_critical_system_protection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "250C7F02-77FB-4F1B-B109-F4367CBC8667",
                     versionEndIncluding: "5.2.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_data_center_security_server:6.5.0:*:*:*:advanced:*:*:*",
                     matchCriteriaId: "250A6EC4-E131-4507-A79E-9D56F72B73B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_data_center_security_server:6.6.0:*:*:*:advanced:*:*:*",
                     matchCriteriaId: "763B119A-55D0-46B1-89A7-2FB2A7499CFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_data_center_security_server_and_agents:*:*:*:*:advanced:*:*:*",
                     matchCriteriaId: "7EB542EB-0E7F-4C16-8E59-D86E8503C8B6",
                     versionEndIncluding: "6.6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE99D18B-5E30-458B-9052-499F86F1874A",
                     versionEndIncluding: "1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection_for_controllers_and_devices:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B25E70B-5211-44AD-889C-EACB3EC9ADB3",
                     versionEndIncluding: "6.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en el Management Server en Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x en versiones anteriores a 1.0 MP5, Embedded Security: Critical System Protection for Controllers y Devices (SES:CSP) 6.5.0 en versiones anteriores a MP1, Critical System Protection (SCSP) en versiones anteriores a 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x en versiones anteriores a 6.5 MP1 y 6.6 en versiones anteriores a MP1 y Data Center Security: Server Advanced Server y Agents (DCS:SA) hasta la versión 6.6 MP1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados.",
      },
   ],
   id: "CVE-2015-8157",
   lastModified: "2024-11-21T02:38:04.910",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-06-08T14:59:00.933",
   references: [
      {
         source: "secure@symantec.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/90889",
      },
      {
         source: "secure@symantec.com",
         tags: [
            "Technical Description",
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/90889",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Technical Description",
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
      },
   ],
   sourceIdentifier: "secure@symantec.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-06-08 14:59
Modified
2024-11-21 02:39
Summary
Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_critical_system_protection:5.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "4376B4E1-D8F4-4637-A884-B67DB2856976",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_data_center_security_server:6.5.0:*:*:*:advanced:*:*:*",
                     matchCriteriaId: "250A6EC4-E131-4507-A79E-9D56F72B73B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_data_center_security_server:6.6.0:*:*:*:advanced:*:*:*",
                     matchCriteriaId: "763B119A-55D0-46B1-89A7-2FB2A7499CFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_data_center_security_server_and_agents:6.6.0:*:*:*:advanced:*:*:*",
                     matchCriteriaId: "DAE82126-DDBC-4DD5-A369-CFF47BC0B9C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4D3DC94-D0B9-474D-992E-8985A1D590FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection_for_controllers_and_devices:6.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D28DA7-8880-4A84-8FCB-EE6D8F9964C0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.",
      },
      {
         lang: "es",
         value: "Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x en versiones anteriores a 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 en versiones anteriores a MP1, Critical System Protection (SCSP) en versiones anteriores a 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x en versiones anteriores a 6.5 MP1 y 6.6 en versiones anteriores a MP1 y Data Center Security: Server Advanced Server and Agents (DCS:SA) hasta la versión 6.6 MP1 permite a usuarios remotos autenticados llevar a cabo ataques de inyección de argumento aprovechando ciertos accesos de canalización nombrada.",
      },
   ],
   id: "CVE-2015-8800",
   lastModified: "2024-11-21T02:39:13.510",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.9,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.3,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-06-08T14:59:11.233",
   references: [
      {
         source: "secure@symantec.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/90886",
      },
      {
         source: "secure@symantec.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/90886",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
      },
   ],
   sourceIdentifier: "secure@symantec.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-74",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-01-21 15:17
Modified
2024-11-21 02:20
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_critical_system_protection:5.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "4376B4E1-D8F4-4637-A884-B67DB2856976",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:symantec:data_center_security:6.0.0:*:*:*:server_advanced:*:*:*",
                     matchCriteriaId: "6D34F7FE-41FE-4C25-A680-E968AF454770",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad XSS en la WebUI ajaxswing en el servidor Management Console en la administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 a través de MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x a través 6.0 MP1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados.",
      },
   ],
   id: "CVE-2014-9224",
   lastModified: "2024-11-21T02:20:26.030",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2015-01-21T15:17:05.747",
   references: [
      {
         source: "secure@symantec.com",
         url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
      },
      {
         source: "secure@symantec.com",
         url: "http://seclists.org/fulldisclosure/2015/Jan/91",
      },
      {
         source: "secure@symantec.com",
         url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
      },
      {
         source: "secure@symantec.com",
         url: "http://www.securityfocus.com/bid/72093",
      },
      {
         source: "secure@symantec.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/fulldisclosure/2015/Jan/91",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/72093",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
      },
   ],
   sourceIdentifier: "secure@symantec.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-01-21 15:17
Modified
2024-11-21 02:20
Severity ?
Summary
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_critical_system_protection:5.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "4376B4E1-D8F4-4637-A884-B67DB2856976",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:symantec:data_center_security:6.0.0:*:*:*:server_advanced:*:*:*",
                     matchCriteriaId: "6D34F7FE-41FE-4C25-A680-E968AF454770",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.",
      },
      {
         lang: "es",
         value: "La webui ajaxswing en la administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 a través de MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x a través de 6.0 MP1 permite a usuarios remotos autenticados obtener información del servidor sensible a través de vectores no especificados.",
      },
   ],
   id: "CVE-2014-9225",
   lastModified: "2024-11-21T02:20:26.143",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-01-21T15:17:06.777",
   references: [
      {
         source: "secure@symantec.com",
         url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
      },
      {
         source: "secure@symantec.com",
         url: "http://seclists.org/fulldisclosure/2015/Jan/91",
      },
      {
         source: "secure@symantec.com",
         url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
      },
      {
         source: "secure@symantec.com",
         url: "http://www.securityfocus.com/bid/72094",
      },
      {
         source: "secure@symantec.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/fulldisclosure/2015/Jan/91",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/72094",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
      },
   ],
   sourceIdentifier: "secure@symantec.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-06-08 14:59
Modified
2024-11-21 02:39
Summary
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_critical_system_protection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "250C7F02-77FB-4F1B-B109-F4367CBC8667",
                     versionEndIncluding: "5.2.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_data_center_security_server:6.5.0:*:*:*:advanced:*:*:*",
                     matchCriteriaId: "250A6EC4-E131-4507-A79E-9D56F72B73B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_data_center_security_server:6.6.0:*:*:*:advanced:*:*:*",
                     matchCriteriaId: "763B119A-55D0-46B1-89A7-2FB2A7499CFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_data_center_security_server_and_agents:*:*:*:*:advanced:*:*:*",
                     matchCriteriaId: "7EB542EB-0E7F-4C16-8E59-D86E8503C8B6",
                     versionEndIncluding: "6.6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE99D18B-5E30-458B-9052-499F86F1874A",
                     versionEndIncluding: "1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:broadcom:symantec_embedded_security_critical_system_protection_for_controllers_and_devices:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B25E70B-5211-44AD-889C-EACB3EC9ADB3",
                     versionEndIncluding: "6.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en el Management Server en Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x en versiones anteriores a 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 en versiones anteriores a MP1, Critical System Protection (SCSP) en versiones anteriores a 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x en versiones anteriores a 6.5 MP1 y 6.6 en versiones anteriores a MP1 y Data Center Security: Server Advanced Server and Agents (DCS:SA) hasta la versión 6.6 MP1 permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especificados.",
      },
   ],
   id: "CVE-2015-8798",
   lastModified: "2024-11-21T02:39:13.290",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "ADJACENT_NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.7,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:A/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 5.1,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-06-08T14:59:06.683",
   references: [
      {
         source: "secure@symantec.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/90884",
      },
      {
         source: "secure@symantec.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/90884",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
      },
   ],
   sourceIdentifier: "secure@symantec.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-11-25 17:15
Modified
2024-11-21 04:33
Severity ?
Summary
Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_critical_system_protection:8.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EDDDFAE-C77B-4155-9D67-EFE5B0969184",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_critical_system_protection:8.0.0:hotfix1:*:*:*:*:*:*",
                     matchCriteriaId: "B05D54C6-88FE-48EE-A1CA-15382DAAE449",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_critical_system_protection:8.0.0:mp1:*:*:*:*:*:*",
                     matchCriteriaId: "F67CF1FA-173C-438F-81D1-1DF6A47962C7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls.",
      },
      {
         lang: "es",
         value: "Symantec Critical System Protection (CSP), versiones 8.0, 8.0 HF1 y 8.0 MP1, pueden ser susceptibles a una vulnerabilidad de omisión de autenticación, que es un tipo de problema que puede potencialmente permitir a un actor de amenazas omitir los controles de autenticación existentes.",
      },
   ],
   id: "CVE-2019-18374",
   lastModified: "2024-11-21T04:33:09.520",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-11-25T17:15:11.823",
   references: [
      {
         source: "secure@symantec.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.symantec.com/us/en/article.SYMSA1498.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.symantec.com/us/en/article.SYMSA1498.html",
      },
   ],
   sourceIdentifier: "secure@symantec.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-01-21 15:17
Modified
2024-11-21 02:20
Severity ?
Summary
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:broadcom:symantec_critical_system_protection:5.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "4376B4E1-D8F4-4637-A884-B67DB2856976",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:symantec:data_center_security:6.0.0:*:*:*:server_advanced:*:*:*",
                     matchCriteriaId: "6D34F7FE-41FE-4C25-A680-E968AF454770",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.",
      },
      {
         lang: "es",
         value: "La administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 a través de MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x a través de 6.0 MP1 permite a usuarios locales evitar Políticas de Protección intencionadas a través de vectores sin especificar.",
      },
   ],
   id: "CVE-2014-9226",
   lastModified: "2024-11-21T02:20:26.260",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-01-21T15:17:07.713",
   references: [
      {
         source: "secure@symantec.com",
         url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
      },
      {
         source: "secure@symantec.com",
         url: "http://seclists.org/fulldisclosure/2015/Jan/91",
      },
      {
         source: "secure@symantec.com",
         url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
      },
      {
         source: "secure@symantec.com",
         url: "http://www.securityfocus.com/bid/72095",
      },
      {
         source: "secure@symantec.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/fulldisclosure/2015/Jan/91",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/534527/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/72095",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
      },
   ],
   sourceIdentifier: "secure@symantec.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}