CVE-2008-4389
Symantec Workspace Streaming < 6.1 SP4 and AppStream 5.2.x - Improper Authentication
Title source: llmDescription
Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors.
References (6)
Core 6
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40233
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/40611
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1511
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/221257
Third Party Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100616_00
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/59504
Scores
EPSS
0.0057
EPSS Percentile
68.9%
Details
CWE
CWE-287
Status
published
Products (5)
symantec/appstream
5.2
symantec/appstream
5.2.1
symantec/appstream
5.2.2
symantec/appstream
5.2.3
symantec/workspace_streaming
6.1 (4 CPE variants)
Published
Jun 17, 2010
Tracked Since
Feb 18, 2026