ByteOS Network

Vulnerability Details :

CVE-2014-9224

Assigner Org ID-80d3bcb6-88de-48c2-a47e-aebf795f19b5

Published At-21 Jan, 2015 | 11:00

Updated At-06 Aug, 2024 | 13:40

Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:symantec

Assigner Org ID:80d3bcb6-88de-48c2-a47e-aebf795f19b5

Published At:21 Jan, 2015 | 11:00

Updated At:06 Aug, 2024 | 13:40

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00	x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/534527/100/0/threaded	mailing-list x_refsource_BUGTRAQ
http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html	x_refsource_MISC
http://seclists.org/fulldisclosure/2015/Jan/91	mailing-list x_refsource_FULLDISC
http://www.securityfocus.com/bid/72093	vdb-entry x_refsource_BID

Hyperlink: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/archive/1/534527/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html

Resource:

x_refsource_MISC

Hyperlink: http://seclists.org/fulldisclosure/2015/Jan/91

Resource:

mailing-list

x_refsource_FULLDISC

Hyperlink: http://www.securityfocus.com/bid/72093

Resource:

vdb-entry

x_refsource_BID

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/archive/1/534527/100/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html	x_refsource_MISC x_transferred
http://seclists.org/fulldisclosure/2015/Jan/91	mailing-list x_refsource_FULLDISC x_transferred
http://www.securityfocus.com/bid/72093	vdb-entry x_refsource_BID x_transferred

Hyperlink: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/534527/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2015/Jan/91

Resource:

mailing-list

x_refsource_FULLDISC

x_transferred

Hyperlink: http://www.securityfocus.com/bid/72093

Resource:

vdb-entry

x_refsource_BID

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:secure@symantec.com

Published At:21 Jan, 2015 | 15:17

Updated At:12 Apr, 2025 | 10:46

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 3.5

Base severity: LOW

Vector:

AV:N/AC:M/Au:S/C:N/I:P/A:N

CPE Matches

Broadcom Inc.

>>symantec_critical_system_protection>>5.2.9

cpe:2.3:a:broadcom:symantec_critical_system_protection:5.2.9:*:*:*:*:*:*:*

Symantec Corporation

>>data_center_security>>6.0.0

cpe:2.3:a:symantec:data_center_security:6.0.0:*:*:*:server_advanced:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html	secure@symantec.com	N/A
http://seclists.org/fulldisclosure/2015/Jan/91	secure@symantec.com	N/A
http://www.securityfocus.com/archive/1/534527/100/0/threaded	secure@symantec.com	N/A
http://www.securityfocus.com/bid/72093	secure@symantec.com	N/A
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00	secure@symantec.com	Vendor Advisory
http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://seclists.org/fulldisclosure/2015/Jan/91	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/534527/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/72093	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

Hyperlink: http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html

Source: secure@symantec.com

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2015/Jan/91

Source: secure@symantec.com

Resource: N/A

Hyperlink: http://www.securityfocus.com/archive/1/534527/100/0/threaded

Source: secure@symantec.com

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/72093

Source: secure@symantec.com

Resource: N/A

Hyperlink: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00

Source: secure@symantec.com

Resource:

Vendor Advisory

Hyperlink: http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html