Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP
Опубликовано:25 января 2015 г.
Источник:
SecurityVulns ID:14238
Тип:удаленная
Уровень опасности:
6/10
Описание:Инъекции SQL, межсайтовый скриптинг, раскрытие информации, обход ограничений.
Затронутые продукты:SYMANTEC : Symantec Data Center Security: Server Advanced 6.0
 SYMANTEC : Symantec Critical System Protection 5.2
CVE:CVE-2014-9226 (The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.)
 CVE-2014-9225 (The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.)
 CVE-2014-9224 (Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-7289 (SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.)
Оригинальный текстdocumentSEC Consult Vulnerability Lab, SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP (25.01.2015)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород