CVE-2015-8800
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.
Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x en versiones anteriores a 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 en versiones anteriores a MP1, Critical System Protection (SCSP) en versiones anteriores a 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x en versiones anteriores a 6.5 MP1 y 6.6 en versiones anteriores a MP1 y Data Center Security: Server Advanced Server and Agents (DCS:SA) hasta la versión 6.6 MP1 permite a usuarios remotos autenticados llevar a cabo ataques de inyección de argumento aprovechando ciertos accesos de canalización nombrada.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-02-02 CVE Reserved
- 2016-06-08 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/90886 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Broadcom Search vendor "Broadcom" | Symantec Critical System Protection Search vendor "Broadcom" for product "Symantec Critical System Protection" | 5.2.9 Search vendor "Broadcom" for product "Symantec Critical System Protection" and version "5.2.9" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Symantec Data Center Security Server Search vendor "Broadcom" for product "Symantec Data Center Security Server" | 6.5.0 Search vendor "Broadcom" for product "Symantec Data Center Security Server" and version "6.5.0" | advanced |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Symantec Data Center Security Server Search vendor "Broadcom" for product "Symantec Data Center Security Server" | 6.6.0 Search vendor "Broadcom" for product "Symantec Data Center Security Server" and version "6.6.0" | advanced |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Symantec Data Center Security Server And Agents Search vendor "Broadcom" for product "Symantec Data Center Security Server And Agents" | 6.6.0 Search vendor "Broadcom" for product "Symantec Data Center Security Server And Agents" and version "6.6.0" | advanced |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Symantec Embedded Security Critical System Protection Search vendor "Broadcom" for product "Symantec Embedded Security Critical System Protection" | 1.0 Search vendor "Broadcom" for product "Symantec Embedded Security Critical System Protection" and version "1.0" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Symantec Embedded Security Critical System Protection For Controllers And Devices Search vendor "Broadcom" for product "Symantec Embedded Security Critical System Protection For Controllers And Devices" | 6.5.0 Search vendor "Broadcom" for product "Symantec Embedded Security Critical System Protection For Controllers And Devices" and version "6.5.0" | - |
Affected
| ||||||