Symantec Workspace Streaming vulnerabilities

5 known vulnerabilities affecting symantec/workspace_streaming.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2016-2206MEDIUMCVSS 5.7v7.5.0v7.6.02016-07-12
CVE-2016-2206 [MEDIUM] CWE-264 CVE-2016-2206: The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 befo The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file.
nvd
CVE-2016-2205MEDIUMCVSS 5.7v7.5.0v7.6.02016-07-12
CVE-2016-2205 [MEDIUM] CWE-22 CVE-2016-2205: Directory traversal vulnerability in the file-download configuration file in the management console Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files v
nvd
CVE-2015-1484MEDIUMCVSS 6.9v6.1v7.52015-04-22
CVE-2015-1484 [MEDIUM] CVE-2015-1484: Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 be Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.
nvd
CVE-2014-1649HIGHCVSS 7.9PoC≤ 7.5.0v6.12014-05-16
CVE-2014-1649 [HIGH] CWE-264 CVE-2014-1649: The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
nvd
CVE-2008-4389CRITICALCVSS 9.3v6.12010-06-17
CVE-2008-4389 [CRITICAL] CWE-287 CVE-2008-4389: Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors.
nvd