Symantec Critical System Protection Multiple Vulnerabilities

Last Update Date: 21 Jan 2015 10:45 Release Date: 21 Jan 2015 3710 Views

RISK: High Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in Symantec Critical System Protection. A remote authenticated user can execute arbitrary code on the target system, inject SQL commands, and obtain potentially sensitive information. A remote user can conduct cross-site scripting attacks. A local user can bypass security policy.

Impact

Cross-Site Scripting
Remote Code Execution
Security Restriction Bypass
Information Disclosure
Data Manipulation

System / Technologies affected

5.2.9.x prior to 5.2.9 MP6

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

The vendor has issued a fix (5.2.9 MP6).
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00

Symantec Critical System Protection Multiple Vulnerabilities

Impact

System / Technologies affected

Solutions

Vulnerability Identifier

Source

Related Link