Symantec Data Center Security vulnerabilities
6 known vulnerabilities affecting symantec/data_center_security.
Total CVEs
6
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2LOW1
Vulnerabilities
Page 1 of 1
CVE-2020-5832HIGHCVSS 7.8fixed in 6.8.22020-04-06
CVE-2020-5832 [HIGH] CVE-2020-5832: Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to
Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
nvd
CVE-2014-3440CRITICALCVSS 9.0v6.0.02015-01-21
CVE-2014-3440 [CRITICAL] CWE-20 CVE-2014-3440: The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.
nvd
CVE-2014-9226HIGHCVSS 7.2PoCv6.0.02015-01-21
CVE-2014-9226 [HIGH] CWE-264 CVE-2014-9226: The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec D
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.
nvd
CVE-2014-9225MEDIUMCVSS 4.0PoCv6.0.02015-01-21
CVE-2014-9225 [MEDIUM] CWE-200 CVE-2014-9225: The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 thr
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.
nvd
CVE-2014-7289MEDIUMCVSS 6.5PoCv6.0.02015-01-21
CVE-2014-7289 [MEDIUM] CWE-89 CVE-2014-7289: SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5
SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
nvd
CVE-2014-9224LOWCVSS 3.5PoCv6.0.02015-01-21
CVE-2014-9224 [LOW] CWE-79 CVE-2014-9224: Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified
nvd