Описание
Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors.
Ссылки
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:symantec:workspace_streaming:6.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:workspace_streaming:6.1:sp1:*:*:*:*:*:*
cpe:2.3:a:symantec:workspace_streaming:6.1:sp2:*:*:*:*:*:*
cpe:2.3:a:symantec:workspace_streaming:6.1:sp3:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:symantec:appstream:5.2:*:*:*:*:*:*:*
cpe:2.3:a:symantec:appstream:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:appstream:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:symantec:appstream:5.2.3:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00571
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
почти 4 года назад
Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors.
EPSS
Процентиль: 68%
0.00571
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-287