CVE-2015-8157

CWE-89 — SQL Injection CWE-193 CWE-122 — Heap-based Buffer Overflow5 documents5 sources

Severity

8.8HIGH

EPSS

0.4%

top 38.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Symantec Critical System Protection Broadcom Symantec Data Center Security Server AND Agents Broadcom Symantec Embedded Security Critical System Protection +2 more

Timeline

PublishedJun 8

Latest updateMay 13

Description

SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticat…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDbroadcom/symantec_embedded_security_critical_system_protection1.0

▶NVDbroadcom/symantec_data_center_security_server6.5.0, 6.6.0+1

▶NVDbroadcom/symantec_critical_system_protection5.2.9

▶NVDbroadcom/symantec_data_center_security6.6.0

🔴Vulnerability Details

GHSA

GHSA-w8c7-26w6-xx7c: SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1↗2022-05-13

▶

CVEList

CVE-2015-8157: SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1↗2016-06-08

▶

📋Vendor Advisories

Red Hat

jasper: dec->numtiles off-by-one check in jpc_dec_process_sot() (oCERT-2015-001)↗2015-01-21

▶