XMLRPC Remote Code Execution Vulnerability in Symantec Workspace Streaming
CVE-2014-1649

Currently unrated

Key Information:

Vendor: Symantec
Status: Workspace Streaming
Vendor: CVE Published:; 16 May 2014

What is CVE-2014-1649?

The vulnerability in Symantec Workspace Streaming enables remote attackers to exploit a flaw in the XMLRPC interface. By sending specially crafted requests over HTTPS, attackers can gain unauthorized access to sensitive files and system functionalities, potentially leading to a complete system compromise. This issue affects versions of Symantec Workspace Streaming prior to 7.5.0.749 and poses significant risks if not mitigated.

References

http://zerodayinitiative.com/advisories/ZDI-14-127/

x_refsource_MISC

http://www.securityfocus.com/bid/67189

vdb-entryx_refsource_BID

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

EPSS Score

40% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2014
Vulnerability Reserved
Jan 23, 2014