Computer Security


Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP security vulnerabilities
Published: 25.01.2015
Source:
SecurityVulns ID: 14238
Type: remote
Threat Level: 6/10
Description: SQL injections, cross-site scripting, information disclosure, protection bypass.
Affected: SYMANTEC : Symantec Data Center Security: Server Advanced 6.0
 SYMANTEC : Symantec Critical System Protection 5.2
CVE: CVE-2014-9226 (The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.)
 CVE-2014-9225 (The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.)
 CVE-2014-9224 (Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-7289 (SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.)
Original document: SEC Consult Vulnerability Lab, SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP (25.01.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod