7.3
CVE-2015-8800
- EPSS 0.4%
- Published 08.06.2016 14:59:11
- Last modified 12.04.2025 10:46:40
- Source secure@symantec.com
- Teams watchlist Login
- Open Login
Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.
Data is provided by the National Vulnerability Database (NVD)
Broadcom ≫ Symantec Critical System Protection Version5.2.9
Broadcom ≫ Symantec Data Center Security Server Version6.5.0 SwEditionadvanced
Broadcom ≫ Symantec Data Center Security Server Version6.6.0 SwEditionadvanced
Broadcom ≫ Symantec Data Center Security Server And Agents Version6.6.0 SwEditionadvanced
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.598 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 2.1 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
|
| nvd@nist.gov | 4.9 | 6.8 | 4.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:P
|
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.