Broadcom Symantec Critical System Protection vulnerabilities

CVE-2019-18374 [CRITICAL] CWE-287 CVE-2019-18374: Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls.

CVE-2015-8799 [HIGH] CWE-22 CVE-2015-8799: Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical S Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA)

CVE-2015-8157 [HIGH] CWE-89 CVE-2015-8157: SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x be

CVE-2015-8800 [HIGH] CWE-74 CVE-2015-8800: Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Secu Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Securi

CVE-2015-8798 [HIGH] CWE-22 CVE-2015-8798: Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical S Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA)

CVE-2014-3440 [CRITICAL] CWE-20 CVE-2014-3440: The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5 The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.

CVE-2014-9226 [HIGH] CWE-264 CVE-2014-9226: The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec D The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.

CVE-2014-9225 [MEDIUM] CWE-200 CVE-2014-9225: The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 thr The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.

CVE-2014-7289 [MEDIUM] CWE-89 CVE-2014-7289: SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5 SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.

CVE-2014-9224 [LOW] CWE-79 CVE-2014-9224: Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified

CVE-2013-5016 [HIGH] CWE-264 CVE-2013-5016: Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Serv Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors.