CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-18374
https://notcve.org/view.php?id=CVE-2019-18374
25 Nov 2019 — Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls. Symantec Critical System Protection (CSP), versiones 8.0, 8.0 HF1 y 8.0 MP1, pueden ser susceptibles a una vulnerabilidad de omisión de autenticación, que es un tipo de problema que puede potencialmente permitir a un actor de amenazas omitir los controles de ... • https://support.symantec.com/us/en/article.SYMSA1498.html • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-8157
https://notcve.org/view.php?id=CVE-2015-8157
08 Jun 2016 — SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to ... • http://www.securityfocus.com/bid/90889 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.0EPSS: 1%CPEs: 6EXPL: 0CVE-2015-8798
https://notcve.org/view.php?id=CVE-2015-8798
08 Jun 2016 — Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated use... • http://www.securityfocus.com/bid/90884 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.6EPSS: 1%CPEs: 7EXPL: 0CVE-2015-8799
https://notcve.org/view.php?id=CVE-2015-8799
08 Jun 2016 — Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated use... • http://www.securityfocus.com/bid/90885 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2015-8800
https://notcve.org/view.php?id=CVE-2015-8800
08 Jun 2016 — Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain ... • http://www.securityfocus.com/bid/90886 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2014-7289 – Symantec Data Center Security - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-7289
21 Jan 2015 — SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. Vulnerabilidad de inyección SQL en la administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 anterior a MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x anterior a 6.0 MP1 p... • https://packetstorm.news/files/id/130060 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 1%CPEs: 2EXPL: 2CVE-2014-9224 – Symantec Data Center Security - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-9224
21 Jan 2015 — Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en la WebUI ajaxswing en el servidor Management Console en la administración del servidor en Symantec Critical System Protecti... • https://packetstorm.news/files/id/130060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 10%CPEs: 2EXPL: 2CVE-2014-9225 – Symantec Data Center Security - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-9225
21 Jan 2015 — The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors. La webui ajaxswing en la administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 a través de MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x a través de 6.0 MP1 permite a usuari... • https://packetstorm.news/files/id/130060 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 2CVE-2014-9226 – Symantec Data Center Security - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-9226
21 Jan 2015 — The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors. La administración del servidor en Symantec Critical System Protection (SCSP) 5.2.9 a través de MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x a través de 6.0 MP1 permite a usuarios locales evitar Políticas de Protección intencionadas a tr... • https://packetstorm.news/files/id/130060 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3440
https://notcve.org/view.php?id=CVE-2014-3440
21 Jan 2015 — The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file. La interfaz de control de agente en el servidor de administración en Symantec Critical System Protection (SCSP) 5.2.9 anterior a MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6... • http://seclists.org/fulldisclosure/2015/May/39 • CWE-20: Improper Input Validation •