Lucene search
K
BroadcomSymantec Critical System Protection

11 matches found

CVE
CVE
added 2015/01/21 11:0 a.m.78 views

CVE-2014-9226

CVE-2014-9226 affects Symantec Data Center Security: Server Advanced (SDCS:SA) version 6.0 MP1 and Symantec Critical System Protection (SCSP) 5.2.9 MP6. The SEC Consult advisory documents multiple default Protection Policy bypasses in the SDCS:SA Client and related components that allow an unauth...

7.2CVSS7.9AI score0.01544EPSS
CVE
CVE
added 2015/01/21 11:0 a.m.63 views

CVE-2014-7289

CVE-2014-7289 is a SQL injection vulnerability in the management server of Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP). Affected versions include SCSP 5.2.9 before MP6 and SDCS:SA 6.0.x before 6.0 MP1, with exploitation via the /sis-ui/a...

6.5CVSS8.6AI score0.04554EPSS
CVE
CVE
added 2016/06/08 2:0 p.m.62 views

CVE-2015-8800

CVE-2015-8800 affects Symantec SES:CSP/SDCS:SA and related components: SES:CSP 1.0.x before 1.0 MP5, SES:CSP for Controllers and Devices 6.5.0 before MP1, SCSP before 5.2.9 MP6, DCS:SA 6.x before 6.5 MP1 and 6.6 before MP1, and DCS:SA and Agents through 6.6 MP1. The issue allows remote authentica...

7.3CVSS7.6AI score0.01363EPSS
CVE
CVE
added 2015/01/21 11:0 a.m.59 views

CVE-2014-9225

The CVE-2014-9225 issue affects the ajaxswing webui in the Symantec Critical System Protection (SCSP) management server and the Symantec Data Center Security: Server Advanced (SDCS:SA) server. Affected versions are SCSP 5.2.9 through MP6 and SDCS:SA 6.0.x through 6.0 MP1. The vulnerability enable...

4CVSS7.7AI score0.0922EPSS
CVE
CVE
added 2016/06/08 2:0 p.m.59 views

CVE-2015-8798

CVE-2015-8798 describes a directory traversal vulnerability in the Management Server of Symantec’s SES:CSP/SDCS:SA family. Affected products include SES:CSP 1.0.x (before 1.0 MP5), SES:CSP for Controllers and Devices 6.5.0 (before MP1), SCSP 5.2.9 (before MP6), DCS:SA 6.x (before 6.5 MP1) and 6.6...

8CVSS8.2AI score0.02536EPSS
CVE
CVE
added 2016/06/08 2:0 p.m.56 views

CVE-2015-8799

CVE-2015-8799 is a directory-traversal vulnerability in the Management Server of Symantec SES:CSP/SCSP/DCS:SA products. It allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors, potentially enabling code execution on affected agents. A...

7.6CVSS7.7AI score0.05694EPSS
CVE
CVE
added 2015/01/21 11:0 a.m.55 views

CVE-2014-3440

CVE-2014-3440 affects Symantec Critical System Protection (SCSP) 5.2.9.x before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1. The issue is an remote code execution vulnerability due to improper sanitization of user-uploaded log files in the Management Serv...

9CVSS8.6AI score0.03306EPSS
CVE
CVE
added 2015/01/21 11:0 a.m.54 views

CVE-2014-9224

CVE-2014-9224 is a cross-site scripting vulnerability in the ajaxswing webui of the Symantec Critical System Protection (SCSP) Management Console and Symantec Data Center Security: Server Advanced (SDCS:SA). It allows remote authenticated users to inject arbitrary web script or HTML, via unspecif...

3.5CVSS6.5AI score0.04591EPSS
CVE
CVE
added 2016/06/08 2:0 p.m.52 views

CVE-2015-8157

CVE-2015-8157 is a SQL injection in the Management Server of Symantec SES:CSP and related products. The issue allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Affected products/versions include SES:CSP 1.0.x before 1.0 MP5, SES:CSP for Controllers and D...

8.8CVSS8.7AI score0.01697EPSS
CVE
CVE
added 2019/11/25 4:22 p.m.47 views

CVE-2019-18374

CVE-2019-18374 affects Symantec Critical System Protection (CSP) versions 8.0, 8.0 HF1 and 8.0 MP1, with an authentication bypass vulnerability. Root cause details are not fully disclosed in the provided documents, but Red Hat and Symantec advisories indicate an authentication bypass allowing byp...

9.8CVSS9.4AI score0.01672EPSS
CVE
CVE
added 2014/05/08 10:0 a.m.44 views

CVE-2013-5016

Symantec Critical System Protection (SCSP) for Windows is affected by CVE-2013-5016 when installed on unpatched Windows Server 2003 R2 and running SCSP version prior to 5.2.9. Remote attackers could bypass default policy settings via unspecified vectors, as discussed in the SYM14-008 advisory and...

7.6CVSS6.8AI score0.02354EPSS