Vulnerabilities > Symantec > Data Center Security

DATE CVE VULNERABILITY TITLE RISK
2020-04-06 CVE-2020-5832 Improper Privilege Management vulnerability in Symantec Data Center Security 6.8.1
Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
symantec CWE-269
4.6
2015-01-21 CVE-2014-9226 Permissions, Privileges, and Access Controls vulnerability in multiple products
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.
local
low complexity
broadcom symantec CWE-264
7.2
2015-01-21 CVE-2014-9225 Information Exposure vulnerability in multiple products
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.
network
low complexity
broadcom symantec CWE-200
4.0
2015-01-21 CVE-2014-9224 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3.5
2015-01-21 CVE-2014-7289 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
network
low complexity
broadcom symantec CWE-89
6.5
2015-01-21 CVE-2014-3440 Improper Input Validation vulnerability in multiple products
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.
network
low complexity
broadcom symantec CWE-20
critical
9.0