What is the severity of CVE-2015-8798?

CVE-2015-8798 is classified as a critical vulnerability due to its potential for unauthorized access to sensitive files.

How do I fix CVE-2015-8798?

To remediate CVE-2015-8798, it is recommended to update the affected Symantec products to the latest patched versions.

Which versions are affected by CVE-2015-8798?

CVE-2015-8798 impacts Symantec Critical System Protection versions before 5.2.9 MP and Embedded Security for Controllers and Devices before version 6.5.0 MP1.

What types of attacks can exploit CVE-2015-8798?

An attacker can exploit CVE-2015-8798 through directory traversal techniques to access unauthorized files on the management server.

Is there a workaround for CVE-2015-8798?

Currently, no official workaround is provided for CVE-2015-8798, so applying updates is the best mitigation strategy.

Vulnerability/
CVE-2015-8798

high

CWE

8/6/2016

6/8/2024

CVE-2015-8798: Path Traversal

First published: Wed Jun 08 2016(Updated: )

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors.

Credit: secure@symantec.com

Affected Software	Affected Version	How to fix
Broadcom Symantec Critical System Protection	<=5.2.9
Broadcom Symantec Data Center Security	=6.5.0
Broadcom Symantec Data Center Security	=6.6.0
Broadcom Symantec Data Center Security	<=6.6.0
Broadcom Symantec Critical System Protection	<=1.0
Broadcom Symantec Embedded Security Critical System Protection	<=6.5.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-8798?
CVE-2015-8798 is classified as a critical vulnerability due to its potential for unauthorized access to sensitive files.
How do I fix CVE-2015-8798?
To remediate CVE-2015-8798, it is recommended to update the affected Symantec products to the latest patched versions.
Which versions are affected by CVE-2015-8798?
CVE-2015-8798 impacts Symantec Critical System Protection versions before 5.2.9 MP and Embedded Security for Controllers and Devices before version 6.5.0 MP1.
What types of attacks can exploit CVE-2015-8798?
An attacker can exploit CVE-2015-8798 through directory traversal techniques to access unauthorized files on the management server.
Is there a workaround for CVE-2015-8798?
Currently, no official workaround is provided for CVE-2015-8798, so applying updates is the best mitigation strategy.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/last-modified-date
agent/weakness
agent/event
agent/description
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/broadcom
canonical/broadcom symantec critical system protection
version/broadcom symantec critical system protection/5.2.9
canonical/broadcom symantec data center security
version/broadcom symantec data center security/6.5.0
version/broadcom symantec data center security/6.6.0
version/broadcom symantec critical system protection/1.0
canonical/broadcom symantec embedded security critical system protection
version/broadcom symantec embedded security critical system protection/6.5.0