Information Disclosure in Symantec Security Products Affecting Server Management
CVE-2014-9225

Currently unrated

Key Information:

Vendor: Broadcom
Status: Symantec Critical System Protection
Vendor: CVE Published:; 21 January 2015

What is CVE-2014-9225?

The vulnerability in the ajaxswing web UI component of the management server in Symantec Critical System Protection and Symantec Data Center Security: Server Advanced allows remote authenticated users to access sensitive information from the server. This exploitation can occur through unspecified vectors, potentially leading to unauthorized disclosure of sensitive data within the network.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/534527/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/72094

vdb-entryx_refsource_BID

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 21, 2015
Vulnerability Reserved
Dec 3, 2014

Broadcom

What is CVE-2014-9225?

References

EPSS Score

Timeline