Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-1649

CWE-2644 documents4 sources
Severity
7.9HIGH
EPSS
40.2%
top 2.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Symantec Workspace Streaming
Timeline
PublishedMay 16
Latest updateMay 17

Description

The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 5.5 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-g9j3-v5q7-8mm4: The server in Symantec Workspace Streaming (SWS) before 72022-05-17
CVEList
CVE-2014-1649: The server in Symantec Workspace Streaming (SWS) before 72014-05-16

💥Exploits & PoCs

1
Exploit-DB
Symantec Workspace Streaming - Arbitrary File Upload (Metasploit)2014-05-26
CVE-2014-1649 (HIGH CVSS 7.9) | The server in Symantec Workspace St | cvebase.io