CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5832
https://notcve.org/view.php?id=CVE-2020-5832
06 Apr 2020 — Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Data Center Security Manager Component, versiones anteriores a 6.8.2 (también se conoce como versión 6.8 MP2), puede ser susceptible a una vulnerabilidad de escalada de privi... • https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1750 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2014-7289 – Symantec Data Center Security - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-7289
21 Jan 2015 — SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. Vulnerabilidad de inyección SQL en la administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 anterior a MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x anterior a 6.0 MP1 p... • https://packetstorm.news/files/id/130060 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 1%CPEs: 2EXPL: 2CVE-2014-9224 – Symantec Data Center Security - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-9224
21 Jan 2015 — Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en la WebUI ajaxswing en el servidor Management Console en la administración del servidor en Symantec Critical System Protecti... • https://packetstorm.news/files/id/130060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 10%CPEs: 2EXPL: 2CVE-2014-9225 – Symantec Data Center Security - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-9225
21 Jan 2015 — The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors. La webui ajaxswing en la administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 a través de MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x a través de 6.0 MP1 permite a usuari... • https://packetstorm.news/files/id/130060 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 2CVE-2014-9226 – Symantec Data Center Security - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-9226
21 Jan 2015 — The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors. La administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 a través de MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x a través de 6.0 MP1 permite a usuarios locales evitar Políticas de Protección intencionadas a tr... • https://packetstorm.news/files/id/130060 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3440
https://notcve.org/view.php?id=CVE-2014-3440
21 Jan 2015 — The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file. La interfaz de control de agente en el servidor de administración en Symantec Critical System Protection (SCSP) 5.2.9 anterior a MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6... • http://seclists.org/fulldisclosure/2015/May/39 • CWE-20: Improper Input Validation •