Lucene search

SymantecCVE-2016-2205

HistoryJul 12, 2016 - 2:00 a.m.

CVE-2016-2205

2016-07-1202:00:05

CWE-22

symantec

web.nvd.nist.gov

cve-2016-2205

directory traversal

symantec

workspace streaming

workspace virtualization

vulnerability

nvd

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:C/I:N/A:N

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.002

Percentile

51.8%

JSON

Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors.

Affected configurations

Nvd

Node

symantecworkspace_streamingMatch7.5.0

symantecworkspace_streamingMatch7.5.0sp1

symantecworkspace_streamingMatch7.6.0

symantecworkspace_virtualizationMatch7.5.0

symantecworkspace_virtualizationMatch7.5.0sp1

symantecworkspace_virtualizationMatch7.6.0

VendorProductVersionCPE
symantecworkspace_streaming7.5.0cpe:2.3:a:symantec:workspace_streaming:7.5.0:*:*:*:*:*:*:*
symantecworkspace_streaming7.5.0cpe:2.3:a:symantec:workspace_streaming:7.5.0:sp1:*:*:*:*:*:*
symantecworkspace_streaming7.6.0cpe:2.3:a:symantec:workspace_streaming:7.6.0:*:*:*:*:*:*:*
symantecworkspace_virtualization7.5.0cpe:2.3:a:symantec:workspace_virtualization:7.5.0:*:*:*:*:*:*:*
symantecworkspace_virtualization7.5.0cpe:2.3:a:symantec:workspace_virtualization:7.5.0:sp1:*:*:*:*:*:*
symantecworkspace_virtualization7.6.0cpe:2.3:a:symantec:workspace_virtualization:7.6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	workspace_streaming	7.5.0	cpe:2.3:a:symantec:workspace_streaming:7.5.0:::::::*
symantec	workspace_streaming	7.5.0	cpe:2.3:a:symantec:workspace_streaming:7.5.0:sp1::::::
symantec	workspace_streaming	7.6.0	cpe:2.3:a:symantec:workspace_streaming:7.6.0:::::::*
symantec	workspace_virtualization	7.5.0	cpe:2.3:a:symantec:workspace_virtualization:7.5.0:::::::*
symantec	workspace_virtualization	7.5.0	cpe:2.3:a:symantec:workspace_virtualization:7.5.0:sp1::::::
symantec	workspace_virtualization	7.6.0	cpe:2.3:a:symantec:workspace_virtualization:7.6.0:::::::*

References

www.securityfocus.com/bid/89395

www.securitytracker.com/id/1036262

www.securitytracker.com/id/1036263

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00

Social References

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:C/I:N/A:N

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.002

Percentile

51.8%

JSON

Related for CVE-2016-2205