PT-2016-4029 · Symantec · Symantec Embedded Security: Critical System Protection

Published: 2016-06-08 · Updated: 2021-09-09 · CVE-2015-8799

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Symantec Embedded Security: Critical System Protection (SES:CSP) versions 1.0.x through 1.0 before MP5
Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) version 6.5.0 before MP1
Critical System Protection (SCSP) versions prior to 5.2.9 MP6
Data Center Security: Server Advanced Server (DCS:SA) versions 6.x through 6.4 and 6.6 before MP1
Data Center Security: Server Advanced Server and Agents (DCS:SA) versions prior to 6.6 MP1

Description

A directory traversal issue in the Management Server allows remote authenticated users to write update-package data to arbitrary agent locations.

Recommendations

For Symantec Embedded Security: Critical System Protection (SES:CSP) versions 1.0.x through 1.0 before MP5, update to version 1.0 MP5 or later.
For Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) version 6.5.0 before MP1, update to version 6.5.0 MP1 or later.
For Critical System Protection (SCSP) versions prior to 5.2.9 MP6, update to version 5.2.9 MP6 or later.
For Data Center Security: Server Advanced Server (DCS:SA) versions 6.x through 6.4 and 6.6 before MP1, update to version 6.5 MP1 or later for 6.x and version 6.6 MP1 or later for 6.6.
For Data Center Security: Server Advanced Server and Agents (DCS:SA) versions prior to 6.6 MP1, update to version 6.6 MP1 or later.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2015-8799

Affected Products

Critical System Protection
Data Center Security: Server Advanced Server
Symantec Embedded Security: Critical System Protection