3 results (0.009 seconds)

CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0

The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file. La consola de administración en Symantec Workspace Streaming (SWS) 7.5.x en versiones anteriores a 7.5 SP1 HF9 y 7.6.0 en versiones anteriores a 7.6 HF5 y Symantec Workspace Virtualization (SWV) 7.5.x en versiones anteriores a 7.5 SP1 HF9 y 7.6.0 en versiones anteriores a 7.6 HF5 permite a usuarios remotos autenticados leer archivos arbitrarios modificando el archivo de configuración de la descarga de archivos. • http://www.securityfocus.com/bid/89394 http://www.securitytracker.com/id/1036262 http://www.securitytracker.com/id/1036263 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors. Vulnerabilidad de salto de directorio en el archivo de configuración de la descarga de archivos en la consola de administración en Symantec Workspace Streaming (SWS) 7.5.x en versiones anteriores a 7.5 SP1 HF9 y 7.6.0 en versiones anteriores a 7.6 HF5 y Symantec Workspace Virtualization (SWV) 7.5.x en versiones anteriores a 7.5 SP1 HF9 y 7.6.0 en versiones anteriores a 7.6 HF5 permite a usuarios remotos autenticados leer archivos de la aplicación no especificados a través de vectores desconocidos. • http://www.securityfocus.com/bid/89395 http://www.securitytracker.com/id/1036262 http://www.securitytracker.com/id/1036263 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 97%CPEs: 6EXPL: 2

The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. El servidor en Symantec Workspace Streaming (SWS) anterior a 7.5.0.749 permite a atacantes remotos acceder a archivos y funcionalidad mediante el envío de una solicitud XMLRPC manipulada sobre HTTPS. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Workspace Streaming. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SWS Agent (as_agent.exe) component. By sending a crafted XMLRPC request to this component, an attacker is able to overwrite configuration files for the Workspace Streaming server. • https://www.exploit-db.com/exploits/33521 http://www.exploit-db.com/exploits/33521 http://www.securityfocus.com/bid/67189 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140512_00 http://zerodayinitiative.com/advisories/ZDI-14-127 • CWE-264: Permissions, Privileges, and Access Controls •