Information Disclosure in Symantec Security Products Affecting Server Management
CVE-2014-9225

Currently unrated

Key Information:

Vendor

Broadcom
Status
Symantec Critical System Protection
Vendor
CVE Published:
21 January 2015

What is CVE-2014-9225?

The vulnerability in the ajaxswing web UI component of the management server in Symantec Critical System Protection and Symantec Data Center Security: Server Advanced allows remote authenticated users to access sensitive information from the server. This exploitation can occur through unspecified vectors, potentially leading to unauthorized disclosure of sensitive data within the network.

References

http://www.symantec.com/security_response/securityupdates...
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/534527/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/72094
vdb-entryx_refsource_BID

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.