Search criteria
12 vulnerabilities found for data_center_security by symantec
CVE-2020-5832 (GCVE-0-2020-5832)
Vulnerability from nvd – Published: 2020-04-06 19:22 – Updated: 2024-08-04 08:39
VLAI?
Summary
Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
Severity ?
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Data Center Security Manager Component |
Affected:
6.8.2 (aka 6.8 MP2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1750"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Center Security Manager Component",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.8.2 (aka 6.8 MP2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-06T19:22:18",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1750"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2020-5832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Center Security Manager Component",
"version": {
"version_data": [
{
"version_value": "6.8.2 (aka 6.8 MP2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1750",
"refsource": "MISC",
"url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1750"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2020-5832",
"datePublished": "2020-04-06T19:22:18",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9226 (GCVE-0-2014-9226)
Vulnerability from nvd – Published: 2015-01-21 11:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:23.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "72095",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72095"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "72095",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72095"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-9226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "72095",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72095"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-9226",
"datePublished": "2015-01-21T11:00:00",
"dateReserved": "2014-12-03T00:00:00",
"dateUpdated": "2024-08-06T13:40:23.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9225 (GCVE-0-2014-9225)
Vulnerability from nvd – Published: 2015-01-21 11:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"name": "72094",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72094"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"name": "72094",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72094"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-9225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"name": "72094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72094"
},
{
"name": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-9225",
"datePublished": "2015-01-21T11:00:00",
"dateReserved": "2014-12-03T00:00:00",
"dateUpdated": "2024-08-06T13:40:24.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9224 (GCVE-0-2014-9224)
Vulnerability from nvd – Published: 2015-01-21 11:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
},
{
"name": "72093",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
},
{
"name": "72093",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-9224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
},
{
"name": "72093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-9224",
"datePublished": "2015-01-21T11:00:00",
"dateReserved": "2014-12-03T00:00:00",
"dateUpdated": "2024-08-06T13:40:24.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7289 (GCVE-0-2014-7289)
Vulnerability from nvd – Published: 2015-01-21 11:00 – Updated: 2024-08-06 12:47
VLAI?
Summary
SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:32.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
},
{
"name": "72092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72092"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
},
{
"name": "72092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72092"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-7289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
},
{
"name": "72092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72092"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-7289",
"datePublished": "2015-01-21T11:00:00",
"dateReserved": "2014-10-02T00:00:00",
"dateUpdated": "2024-08-06T12:47:32.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3440 (GCVE-0-2014-3440)
Vulnerability from nvd – Published: 2015-01-21 11:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150509 CVE-2014-3440 - Symantec Critical System Protection RCE",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/May/39"
},
{
"name": "72091",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150509 CVE-2014-3440 - Symantec Critical System Protection RCE",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/May/39"
},
{
"name": "72091",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72091"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-3440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150509 CVE-2014-3440 - Symantec Critical System Protection RCE",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/39"
},
{
"name": "72091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72091"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-3440",
"datePublished": "2015-01-21T11:00:00",
"dateReserved": "2014-05-09T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5832 (GCVE-0-2020-5832)
Vulnerability from cvelistv5 – Published: 2020-04-06 19:22 – Updated: 2024-08-04 08:39
VLAI?
Summary
Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
Severity ?
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Data Center Security Manager Component |
Affected:
6.8.2 (aka 6.8 MP2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1750"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Center Security Manager Component",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.8.2 (aka 6.8 MP2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-06T19:22:18",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1750"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2020-5832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Center Security Manager Component",
"version": {
"version_data": [
{
"version_value": "6.8.2 (aka 6.8 MP2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1750",
"refsource": "MISC",
"url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1750"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2020-5832",
"datePublished": "2020-04-06T19:22:18",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9225 (GCVE-0-2014-9225)
Vulnerability from cvelistv5 – Published: 2015-01-21 11:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"name": "72094",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72094"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"name": "72094",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72094"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-9225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"name": "72094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72094"
},
{
"name": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-9225",
"datePublished": "2015-01-21T11:00:00",
"dateReserved": "2014-12-03T00:00:00",
"dateUpdated": "2024-08-06T13:40:24.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9226 (GCVE-0-2014-9226)
Vulnerability from cvelistv5 – Published: 2015-01-21 11:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:23.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "72095",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72095"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "72095",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72095"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-9226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "72095",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72095"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-9226",
"datePublished": "2015-01-21T11:00:00",
"dateReserved": "2014-12-03T00:00:00",
"dateUpdated": "2024-08-06T13:40:23.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9224 (GCVE-0-2014-9224)
Vulnerability from cvelistv5 – Published: 2015-01-21 11:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
},
{
"name": "72093",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
},
{
"name": "72093",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-9224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
},
{
"name": "72093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-9224",
"datePublished": "2015-01-21T11:00:00",
"dateReserved": "2014-12-03T00:00:00",
"dateUpdated": "2024-08-06T13:40:24.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3440 (GCVE-0-2014-3440)
Vulnerability from cvelistv5 – Published: 2015-01-21 11:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150509 CVE-2014-3440 - Symantec Critical System Protection RCE",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/May/39"
},
{
"name": "72091",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150509 CVE-2014-3440 - Symantec Critical System Protection RCE",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/May/39"
},
{
"name": "72091",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72091"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-3440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150509 CVE-2014-3440 - Symantec Critical System Protection RCE",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/39"
},
{
"name": "72091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72091"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-3440",
"datePublished": "2015-01-21T11:00:00",
"dateReserved": "2014-05-09T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7289 (GCVE-0-2014-7289)
Vulnerability from cvelistv5 – Published: 2015-01-21 11:00 – Updated: 2024-08-06 12:47
VLAI?
Summary
SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:32.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
},
{
"name": "72092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72092"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
},
{
"name": "72092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72092"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-7289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150119_00"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) \u0026 SCSP",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
},
{
"name": "72092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72092"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-7289",
"datePublished": "2015-01-21T11:00:00",
"dateReserved": "2014-10-02T00:00:00",
"dateUpdated": "2024-08-06T12:47:32.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}