Skip to main content

Symantec Critical System Protection

11 CVEs product

Monthly

CVE-2019-18374 CRITICAL Act Now

Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Symantec Critical System Protection
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2015-8800 HIGH This Week

Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Symantec Critical System Protection Symantec Data Center Security Server Symantec Data Center Security Server And Agents Symantec Embedded Security Critical System Protection +1
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2015-8799 HIGH This Week

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for. Rated high severity (CVSS 7.6). No vendor patch available.

Path Traversal Symantec Critical System Protection Symantec Data Center Security Server Symantec Data Center Security Server And Agents Symantec Embedded Security Critical System Protection +1
NVD
CVSS 3.1
7.6
EPSS
1.4%
CVE-2015-8798 HIGH This Week

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal RCE Symantec Critical System Protection Symantec Data Center Security Server Symantec Data Center Security Server And Agents +2
NVD
CVSS 3.1
8.0
EPSS
2.9%
CVE-2015-8157 HIGH This Week

SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Symantec Critical System Protection Symantec Data Center Security Server Symantec Data Center Security Server And Agents Symantec Embedded Security Critical System Protection +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2014-9226 HIGH POC This Week

The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Symantec Critical System Protection Data Center Security
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
1.3%
CVE-2014-9225 MEDIUM POC THREAT This Month

The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

Information Disclosure Symantec Critical System Protection Data Center Security
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
10.1%
CVE-2014-9224 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Symantec Critical System Protection Data Center Security
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
4.0%
CVE-2014-7289 MEDIUM POC This Month

SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Symantec Critical System Protection Data Center Security
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.9%
CVE-2014-3440 CRITICAL Act Now

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Symantec Critical System Protection Data Center Security
NVD
CVSS 2.0
9.0
EPSS
0.8%
CVE-2013-5016 HIGH This Week

Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Symantec Critical System Protection
NVD
CVSS 2.0
7.6
EPSS
1.4%
EPSS 2% CVSS 9.8
CRITICAL Act Now

Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Symantec Critical System Protection
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Symantec Critical System Protection Symantec Data Center Security Server +3
NVD
EPSS 1% CVSS 7.6
HIGH This Week

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for. Rated high severity (CVSS 7.6). No vendor patch available.

Path Traversal Symantec Critical System Protection Symantec Data Center Security Server +3
NVD
EPSS 3% CVSS 8.0
HIGH This Week

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal RCE Symantec Critical System Protection +4
NVD
EPSS 0% CVSS 8.8
HIGH This Week

SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Symantec Critical System Protection Symantec Data Center Security Server +3
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Symantec Critical System Protection Data Center Security
NVD Exploit-DB
EPSS 10% CVSS 4.0
MEDIUM POC THREAT This Month

The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

Information Disclosure Symantec Critical System Protection Data Center Security
NVD Exploit-DB
EPSS 4% CVSS 3.5
LOW POC Monitor

Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Symantec Critical System Protection Data Center Security
NVD Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Symantec Critical System Protection Data Center Security
NVD Exploit-DB
EPSS 1% CVSS 9.0
CRITICAL Act Now

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Symantec Critical System Protection Data Center Security
NVD
EPSS 1% CVSS 7.6
HIGH This Week

Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Symantec Critical System Protection
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy