Symantec Data Center Security - Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities products: Symantec Data Center Security: Server Advanced SDCS:SA Symantec Critical System Protection SCSP vulnerable version: see:...

Symantec Data Center Security - Multiple Vulnerabilities

Symantec Data Center Security - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities products: Symantec Data Center Security: Server Advanced SDCS:SA Symantec...

Symantec SDCS:SA / SCSP XSS / Bypass / SQL Injection / Disclosure

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities products: Symantec Data Center Security: Server Advanced SDCS:SA Symantec Critical System Protection SCSP vulnerable version: see:...

CVE-2014-9226

The management server in Symantec Critical System Protection SCSP 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced SDCS:SA 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors...

Code injection

The ajaxswing webui in the management server in Symantec Critical System Protection SCSP 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced SDCS:SA 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors...

CVE-2014-7289

CVE-2014-7289 is a SQL injection vulnerability in the management server of Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP). Affected versions include SCSP 5.2.9 before MP6 and SDCS:SA 6.0.x before 6.0 MP1, with exploitation via the /sis-ui/a...

CVE-2014-9225

The ajaxswing webui in the management server in Symantec Critical System Protection SCSP 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced SDCS:SA 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors...

CVE-2014-9224

CVE-2014-9224 is a cross-site scripting vulnerability in the ajaxswing webui of the Symantec Critical System Protection (SCSP) Management Console and Symantec Data Center Security: Server Advanced (SDCS:SA). It allows remote authenticated users to inject arbitrary web script or HTML, via unspecif...

CVE-2014-9226

CVE-2014-9226 affects Symantec Data Center Security: Server Advanced (SDCS:SA) version 6.0 MP1 and Symantec Critical System Protection (SCSP) 5.2.9 MP6. The SEC Consult advisory documents multiple default Protection Policy bypasses in the SDCS:SA Client and related components that allow an unauth...

CVE-2014-3440

The Agent Control Interface in the management server in Symantec Critical System Protection SCSP 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced SDCS:SA 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to...

CVE-2014-9225

The CVE-2014-9225 issue affects the ajaxswing webui in the Symantec Critical System Protection (SCSP) management server and the Symantec Data Center Security: Server Advanced (SDCS:SA) server. Affected versions are SCSP 5.2.9 through MP6 and SDCS:SA 6.0.x through 6.0 MP1. The vulnerability enable...

CVE-2014-7289

SQL injection vulnerability in the management server in Symantec Critical System Protection SCSP 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced SDCS:SA 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request...

Symantec Data Center Security: Server Advanced, Multiple Security Issues on Management Server and Pr

SUMMARY The management server for Symantec Critical System Protection SCSP 5.2.9 and Data Center Security: Server Advanced SDCS:SA 6.0.x is susceptible to security issues which could enable privileged access to the management server. Rules in the prevention policies could be bypassed if deployed ...