CVE-2008-4389

CWE-287Improper Authentication3 documents3 sources
Severity
9.3CRITICAL
EPSS
0.6%
top 31.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Symantec AppstreamSymantec Workspace Streaming
Timeline
PublishedJun 17
Latest updateMay 2

Description

Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDsymantec/appstream4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-gmxw-wf52-2vxp: Symantec AppStream 52022-05-02
CVEList
CVE-2008-4389: Symantec AppStream 52010-06-17
CVE-2008-4389 (CRITICAL CVSS 9.3) | Symantec AppStream 5.2.x and Symant | cvebase.io