PT-2016-3866 · Symantec · Critical System Protection+2

Published 2016-06-08 · Updated 2021-09-09 · CVE-2015-8157

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Symantec Embedded Security: Critical System Protection (SES:CSP) versions 1.0.x through 1.0 before MP5
Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) version 6.5.0 before MP1
Critical System Protection (SCSP) versions prior to 5.2.9 MP6
Data Center Security: Server Advanced Server (DCS:SA) versions 6.x through 6.4 and version 6.6 before MP1
Data Center Security: Server Advanced Server and Agents (DCS:SA) versions prior to 6.6 MP1

Description

A SQL injection issue in the Management Server allows remote authenticated users to execute arbitrary SQL commands.

Recommendations

For Symantec Embedded Security: Critical System Protection (SES:CSP) versions 1.0.x, update to 1.0 MP5 or later.
For Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) version 6.5.0, update to MP1 or later.
For Critical System Protection (SCSP), update to 5.2.9 MP6 or later.
For Data Center Security: Server Advanced Server (DCS:SA) versions 6.x, update to 6.5 MP1 or later, and for version 6.6, update to MP1 or later.
For Data Center Security: Server Advanced Server and Agents (DCS:SA), update to 6.6 MP1 or later.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2015-8157

Affected Products

Critical System Protection
Data Center Security: Server Advanced Server
Symantec Embedded Security: Critical System Protection