Search
Find a vulnerability
Search criteria
10 vulnerabilities found for workspace_streaming by symantec
CVE-2016-2206 (GCVE-0-2016-2206)
Vulnerability from nvd – Published: 2016-07-12 01:00 – Updated: 2024-08-05 23:24
VLAI
Summary
The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.symantec.com/security_response/securit… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1036263 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1036262 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/89394 | vdb-entryx_refsource_BID |
Date Public
2016-07-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
},
{
"name": "1036263",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036263"
},
{
"name": "1036262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036262"
},
{
"name": "89394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89394"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
},
{
"name": "1036263",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036263"
},
{
"name": "1036262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036262"
},
{
"name": "89394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89394"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-2206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
},
{
"name": "1036263",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036263"
},
{
"name": "1036262",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036262"
},
{
"name": "89394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89394"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-2206",
"datePublished": "2016-07-12T01:00:00.000Z",
"dateReserved": "2016-02-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2205 (GCVE-0-2016-2205)
Vulnerability from nvd – Published: 2016-07-12 01:00 – Updated: 2024-08-05 23:24
VLAI
Summary
Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.symantec.com/security_response/securit… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/89395 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1036263 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1036262 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-07-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
},
{
"name": "89395",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89395"
},
{
"name": "1036263",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036263"
},
{
"name": "1036262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
},
{
"name": "89395",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89395"
},
{
"name": "1036263",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036263"
},
{
"name": "1036262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036262"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-2205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
},
{
"name": "89395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89395"
},
{
"name": "1036263",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036263"
},
{
"name": "1036262",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-2205",
"datePublished": "2016-07-12T01:00:00.000Z",
"dateReserved": "2016-02-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1484 (GCVE-0-2015-1484)
Vulnerability from nvd – Published: 2015-04-22 10:00 – Updated: 2024-08-06 04:47
VLAI
Summary
Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1032133 | vdb-entryx_refsource_SECTRACK |
| http://www.symantec.com/security_response/securit… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/73925 | vdb-entryx_refsource_BID |
Date Public
2015-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:47:17.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032133"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150410_00"
},
{
"name": "73925",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1032133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032133"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150410_00"
},
{
"name": "73925",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73925"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-1484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032133",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032133"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150410_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150410_00"
},
{
"name": "73925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73925"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-1484",
"datePublished": "2015-04-22T10:00:00.000Z",
"dateReserved": "2015-02-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:47:17.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1649 (GCVE-0-2014-1649)
Vulnerability from nvd – Published: 2014-05-16 10:00 – Updated: 2024-08-06 09:50
VLAI
Summary
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://zerodayinitiative.com/advisories/ZDI-14-127/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/67189 | vdb-entryx_refsource_BID |
| http://www.symantec.com/security_response/securit… | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/33521 | exploitx_refsource_EXPLOIT-DB |
Date Public
2014-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:11.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-127/"
},
{
"name": "67189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67189"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140512_00"
},
{
"name": "33521",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/33521"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-22T19:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-127/"
},
{
"name": "67189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67189"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140512_00"
},
{
"name": "33521",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/33521"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-1649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-127/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-127/"
},
{
"name": "67189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67189"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140512_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140512_00"
},
{
"name": "33521",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33521"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-1649",
"datePublished": "2014-05-16T10:00:00.000Z",
"dateReserved": "2014-01-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:50:11.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4389 (GCVE-0-2008-4389)
Vulnerability from nvd – Published: 2010-06-17 16:00 – Updated: 2024-08-07 10:17
VLAI
Summary
Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/40611 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2010/1511 | vdb-entryx_refsource_VUPEN |
| http://www.kb.cert.org/vuls/id/221257 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/40233 | third-party-advisoryx_refsource_SECUNIA |
| http://www.symantec.com/security_response/securit… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40611",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40611"
},
{
"name": "ADV-2010-1511",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1511"
},
{
"name": "VU#221257",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/221257"
},
{
"name": "40233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40233"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100616_00"
},
{
"name": "symantec-appstream-download-ce(59504)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59504"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "40611",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40611"
},
{
"name": "ADV-2010-1511",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1511"
},
{
"name": "VU#221257",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/221257"
},
{
"name": "40233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40233"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100616_00"
},
{
"name": "symantec-appstream-download-ce(59504)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59504"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2008-4389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40611"
},
{
"name": "ADV-2010-1511",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1511"
},
{
"name": "VU#221257",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/221257"
},
{
"name": "40233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40233"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100616_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100616_00"
},
{
"name": "symantec-appstream-download-ce(59504)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59504"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2008-4389",
"datePublished": "2010-06-17T16:00:00.000Z",
"dateReserved": "2008-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:17:09.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2206 (GCVE-0-2016-2206)
Vulnerability from cvelistv5 – Published: 2016-07-12 01:00 – Updated: 2024-08-05 23:24
VLAI
Summary
The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.symantec.com/security_response/securit… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1036263 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1036262 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/89394 | vdb-entryx_refsource_BID |
Date Public
2016-07-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
},
{
"name": "1036263",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036263"
},
{
"name": "1036262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036262"
},
{
"name": "89394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89394"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
},
{
"name": "1036263",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036263"
},
{
"name": "1036262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036262"
},
{
"name": "89394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89394"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-2206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
},
{
"name": "1036263",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036263"
},
{
"name": "1036262",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036262"
},
{
"name": "89394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89394"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-2206",
"datePublished": "2016-07-12T01:00:00.000Z",
"dateReserved": "2016-02-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2205 (GCVE-0-2016-2205)
Vulnerability from cvelistv5 – Published: 2016-07-12 01:00 – Updated: 2024-08-05 23:24
VLAI
Summary
Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.symantec.com/security_response/securit… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/89395 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1036263 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1036262 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-07-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
},
{
"name": "89395",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89395"
},
{
"name": "1036263",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036263"
},
{
"name": "1036262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
},
{
"name": "89395",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/89395"
},
{
"name": "1036263",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036263"
},
{
"name": "1036262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036262"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-2205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
},
{
"name": "89395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89395"
},
{
"name": "1036263",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036263"
},
{
"name": "1036262",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-2205",
"datePublished": "2016-07-12T01:00:00.000Z",
"dateReserved": "2016-02-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1484 (GCVE-0-2015-1484)
Vulnerability from cvelistv5 – Published: 2015-04-22 10:00 – Updated: 2024-08-06 04:47
VLAI
Summary
Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1032133 | vdb-entryx_refsource_SECTRACK |
| http://www.symantec.com/security_response/securit… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/73925 | vdb-entryx_refsource_BID |
Date Public
2015-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:47:17.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032133"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150410_00"
},
{
"name": "73925",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1032133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032133"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150410_00"
},
{
"name": "73925",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73925"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-1484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032133",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032133"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150410_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150410_00"
},
{
"name": "73925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73925"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-1484",
"datePublished": "2015-04-22T10:00:00.000Z",
"dateReserved": "2015-02-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:47:17.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1649 (GCVE-0-2014-1649)
Vulnerability from cvelistv5 – Published: 2014-05-16 10:00 – Updated: 2024-08-06 09:50
VLAI
Summary
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://zerodayinitiative.com/advisories/ZDI-14-127/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/67189 | vdb-entryx_refsource_BID |
| http://www.symantec.com/security_response/securit… | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/33521 | exploitx_refsource_EXPLOIT-DB |
Date Public
2014-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:11.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-127/"
},
{
"name": "67189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67189"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140512_00"
},
{
"name": "33521",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/33521"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-22T19:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-127/"
},
{
"name": "67189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67189"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140512_00"
},
{
"name": "33521",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/33521"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-1649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-127/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-127/"
},
{
"name": "67189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67189"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140512_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140512_00"
},
{
"name": "33521",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33521"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-1649",
"datePublished": "2014-05-16T10:00:00.000Z",
"dateReserved": "2014-01-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:50:11.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4389 (GCVE-0-2008-4389)
Vulnerability from cvelistv5 – Published: 2010-06-17 16:00 – Updated: 2024-08-07 10:17
VLAI
Summary
Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/40611 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2010/1511 | vdb-entryx_refsource_VUPEN |
| http://www.kb.cert.org/vuls/id/221257 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/40233 | third-party-advisoryx_refsource_SECUNIA |
| http://www.symantec.com/security_response/securit… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40611",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40611"
},
{
"name": "ADV-2010-1511",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1511"
},
{
"name": "VU#221257",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/221257"
},
{
"name": "40233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40233"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100616_00"
},
{
"name": "symantec-appstream-download-ce(59504)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59504"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "40611",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40611"
},
{
"name": "ADV-2010-1511",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1511"
},
{
"name": "VU#221257",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/221257"
},
{
"name": "40233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40233"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100616_00"
},
{
"name": "symantec-appstream-download-ce(59504)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59504"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2008-4389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40611"
},
{
"name": "ADV-2010-1511",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1511"
},
{
"name": "VU#221257",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/221257"
},
{
"name": "40233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40233"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100616_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100616_00"
},
{
"name": "symantec-appstream-download-ce(59504)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59504"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2008-4389",
"datePublished": "2010-06-17T16:00:00.000Z",
"dateReserved": "2008-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:17:09.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}