CVE-2014-1649

EUVD-2014-1723
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.9 UNKNOWN
ADJACENT_NETWORK
MEDIUM
AV:A/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
symantecworkspace_streaming
𝑥
≤ 7.5.0
symantecworkspace_streaming
6.1
symantecworkspace_streaming
6.1:sp1
symantecworkspace_streaming
6.1:sp2
symantecworkspace_streaming
6.1:sp3
symantecworkspace_streaming
6.1:sp4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.exploit-db.com/exploits/33521
http://www.securityfocus.com/bid/67189
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140512_00
http://zerodayinitiative.com/advisories/ZDI-14-127/
http://www.exploit-db.com/exploits/33521
http://www.securityfocus.com/bid/67189
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140512_00
http://zerodayinitiative.com/advisories/ZDI-14-127/