Information Disclosure Vulnerability in Symantec Critical System Protection and Data Center Security: Server Advanced

Information Disclosure Vulnerability in Symantec Critical System Protection and Data Center Security: Server Advanced

CVE-2014-9225 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.

Learn more about our Web App Pen Testing.