Vulnerabilities > Symantec > Data Center Security > 6.0.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-01-21 | CVE-2014-9226 | Permissions, Privileges, and Access Controls vulnerability in multiple products The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors. | 7.2 |
2015-01-21 | CVE-2014-9225 | Information Exposure vulnerability in multiple products The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors. | 4.0 |
2015-01-21 | CVE-2014-9224 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2015-01-21 | CVE-2014-7289 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. | 6.5 |
2015-01-21 | CVE-2014-3440 | Improper Input Validation vulnerability in multiple products The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file. | 9.0 |