Lucene search

[email protected]CVE-2014-1649

HistoryMay 16, 2014 - 11:12 a.m.

CVE-2014-1649

2014-05-1611:12:00

CWE-264

[email protected]

web.nvd.nist.gov

symantec

workspace streaming

sws

vulnerability

remote access

xmlrpc

https

nvd

cve-2014-1649

6.5 Medium

AI Score

Confidence

Low

7.9 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.

CPENameOperatorVersion
symantec:workspace_streamingsymantec workspace streamingeq6.1
symantec:workspace_streamingsymantec workspace streamingle7.5.0

CPE	Name	Operator	Version
symantec:workspace_streaming	symantec workspace streaming	eq	6.1
symantec:workspace_streaming	symantec workspace streaming	le	7.5.0

References

www.exploit-db.com/exploits/33521

www.securityfocus.com/bid/67189

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140512_00

zerodayinitiative.com/advisories/ZDI-14-127/

6.5 Medium

AI Score

Confidence

Low

7.9 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Related for CVE-2014-1649

packetstorm1 nessus1 zdi1 checkpoint_advisories2 prion1 openvas1 zdt1 cvelist1 symantec1