CVE-2015-8157
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Vulnerabilidad de inyección SQL en el Management Server en Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x en versiones anteriores a 1.0 MP5, Embedded Security: Critical System Protection for Controllers y Devices (SES:CSP) 6.5.0 en versiones anteriores a MP1, Critical System Protection (SCSP) en versiones anteriores a 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x en versiones anteriores a 6.5 MP1 y 6.6 en versiones anteriores a MP1 y Data Center Security: Server Advanced Server y Agents (DCS:SA) hasta la versión 6.6 MP1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-11-13 CVE Reserved
- 2016-06-08 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/90889 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Broadcom Search vendor "Broadcom" | Symantec Critical System Protection Search vendor "Broadcom" for product "Symantec Critical System Protection" | <= 5.2.9 Search vendor "Broadcom" for product "Symantec Critical System Protection" and version " <= 5.2.9" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Symantec Data Center Security Server Search vendor "Broadcom" for product "Symantec Data Center Security Server" | 6.5.0 Search vendor "Broadcom" for product "Symantec Data Center Security Server" and version "6.5.0" | advanced |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Symantec Data Center Security Server Search vendor "Broadcom" for product "Symantec Data Center Security Server" | 6.6.0 Search vendor "Broadcom" for product "Symantec Data Center Security Server" and version "6.6.0" | advanced |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Symantec Data Center Security Server And Agents Search vendor "Broadcom" for product "Symantec Data Center Security Server And Agents" | <= 6.6.0 Search vendor "Broadcom" for product "Symantec Data Center Security Server And Agents" and version " <= 6.6.0" | advanced |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Symantec Embedded Security Critical System Protection Search vendor "Broadcom" for product "Symantec Embedded Security Critical System Protection" | <= 1.0 Search vendor "Broadcom" for product "Symantec Embedded Security Critical System Protection" and version " <= 1.0" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Symantec Embedded Security Critical System Protection For Controllers And Devices Search vendor "Broadcom" for product "Symantec Embedded Security Critical System Protection For Controllers And Devices" | <= 6.5.0 Search vendor "Broadcom" for product "Symantec Embedded Security Critical System Protection For Controllers And Devices" and version " <= 6.5.0" | - |
Affected
| ||||||