CVE-2015-8798

CWE-22 — Path Traversal3 documents3 sources

Severity

8.0HIGH

EPSS

2.9%

top 13.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Symantec Critical System Protection Broadcom Symantec Data Center Security Server AND Agents Broadcom Symantec Embedded Security Critical System Protection +2 more

Timeline

PublishedJun 8

Latest updateMay 13

Description

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authe…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages4 packages

▶NVDbroadcom/symantec_embedded_security_critical_system_protection1.0

▶NVDbroadcom/symantec_data_center_security_server6.5.0, 6.6.0+1

▶NVDbroadcom/symantec_critical_system_protection5.2.9

▶NVDbroadcom/symantec_data_center_security6.6.0

🔴Vulnerability Details

GHSA

GHSA-7m45-rxr2-jh3h: Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1↗2022-05-13

▶

CVEList

CVE-2015-8798: Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1↗2016-06-08

▶