5 matches found
CVE-2014-1649
Symantec Workspace Streaming (SWS) server before 7.5.0.749 has an information disclosure/arbitrary file upload vulnerability in its XML-RPC handling (notably the ManagementAgentServer.putFile path), due to lack of proper access-control validation on XMLRPC requests. This allows remote, unauthenti...
CVE-2015-1484
Symantec Workspace Streaming Agent is affected by a local privilege escalation due to an unquoted search/path in AppMgrService.exe when installed as a service. A Trojan horse executable placed in the system root can be launched at service startup to gain SYSTEM privileges. Affected versions inclu...
CVE-2016-2205
Symantec Workspace Streaming (SWS) and Workspace Virtualization (SWV) are affected by CVE-2016-2205, a path traversal in the file-download configuration file of the management consoles. An authenticated user could read arbitrary application files on the host via this vulnerability. Affected versi...
CVE-2008-4389
Symantec AppStream 5.2.x and Symantec Workspace Streaming 6.1.x before 6.1 SP4 have an authentication flaw that allows a remote, rogue Workspace Streaming server to cause clients to download arbitrary executables and execute them, enabling arbitrary code execution on the client. Affected componen...
CVE-2016-2206
The CVE-2016-2206 entry affects Symantec Workspace Streaming (SWS) and Symantec Workspace Virtualization (SWV). The vulnerability exists in the management consoles where an attacker can read arbitrary host files by altering the file-download configuration file. Affected versions include SWS 7.5.x...