Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-9225

CWE-200 — Information Exposure4 documents4 sources

Severity

4.0MEDIUM

EPSS

10.1%

top 6.90%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Symantec Critical System Protection Symantec Data Center Security

Timeline

PublishedJan 21

Latest updateMay 13

Description

The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDsymantec/data_center_security6.0.0

▶NVDbroadcom/symantec_critical_system_protection5.2.9

🔴Vulnerability Details

GHSA

GHSA-vm75-p2wg-q736: The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5↗2022-05-13

▶

CVEList

CVE-2014-9225: The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5↗2015-01-21

▶

💥Exploits & PoCs

Exploit-DB

Symantec Data Center Security - Multiple Vulnerabilities↗2015-01-26

▶