6 matches found
CVE-2014-9226
CVE-2014-9226 affects Symantec Data Center Security: Server Advanced (SDCS:SA) version 6.0 MP1 and Symantec Critical System Protection (SCSP) 5.2.9 MP6. The SEC Consult advisory documents multiple default Protection Policy bypasses in the SDCS:SA Client and related components that allow an unauth...
CVE-2014-7289
CVE-2014-7289 is a SQL injection vulnerability in the management server of Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP). Affected versions include SCSP 5.2.9 before MP6 and SDCS:SA 6.0.x before 6.0 MP1, with exploitation via the /sis-ui/a...
CVE-2020-5832
CVE-2020-5832 affects Symantec Data Center Security Manager Component prior to 6.8.2 (6.8 MP2). The vulnerability is a privilege escalation in which an attacker may attempt to gain elevated access to protected resources. Mitigation is upgrading to version 6.8.2 (6.8 MP2); Symantec’s advisories an...
CVE-2014-9225
The CVE-2014-9225 issue affects the ajaxswing webui in the Symantec Critical System Protection (SCSP) management server and the Symantec Data Center Security: Server Advanced (SDCS:SA) server. Affected versions are SCSP 5.2.9 through MP6 and SDCS:SA 6.0.x through 6.0 MP1. The vulnerability enable...
CVE-2014-3440
CVE-2014-3440 affects Symantec Critical System Protection (SCSP) 5.2.9.x before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1. The issue is an remote code execution vulnerability due to improper sanitization of user-uploaded log files in the Management Serv...
CVE-2014-9224
CVE-2014-9224 is a cross-site scripting vulnerability in the ajaxswing webui of the Symantec Critical System Protection (SCSP) Management Console and Symantec Data Center Security: Server Advanced (SDCS:SA). It allows remote authenticated users to inject arbitrary web script or HTML, via unspecif...