First published: Wed Jun 08 2016(Updated: )
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.
Credit: secure@symantec.com
Affected Software | Affected Version | How to fix |
---|---|---|
Broadcom Symantec Critical System Protection | <=5.2.9 | |
Broadcom Symantec Data Center Security Server | >=6.0.0<6.5.0 | |
Broadcom Symantec Data Center Security Server | =6.5.0 | |
Broadcom Symantec Data Center Security Server | =6.6.0 | |
Broadcom Symantec Data Center Security Server And Agents | =6.6.0 | |
Broadcom Symantec Embedded Security Critical System Protection | <=1.0 | |
Broadcom Symantec Embedded Security Critical System Protection For Controllers And Devices | =6.5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.