CVE-2014-9224

Symantec SCSP/SDCS:SA <6.0 MP1 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9224.

AI-analyzed exploit summary: The provided code includes a functional Python script demonstrating an unauthenticated SQL injection vulnerability in Symantec Data Center Security: Server Advanced (SDCS:SA) via the /sis-ui/authenticate endpoint. It also details multiple other vulnerabilities, including XSS, information disclosure, and policy bypasses.

Description

Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Exploits (1)

exploitdb WORKING POC
webapps · multiple
https://www.exploit-db.com/exploits/35915

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP)
No auth needed
Prerequisites: Network access to the target server · Python environment to run the exploit script
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References

Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/534527/100/0/threaded
Mailing List (mailing-list, x_refsource_fulldisc): http://seclists.org/fulldisclosure/2015/Jan/91
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/72093

Scores

EPSS 0.0459
EPSS Percentile 90.4%

Details

CWE: CWE-79
Status: published
Products (2):
broadcom/symantec_critical_system_protection 5.2.9
symantec/data_center_security 6.0.0
Published: Jan 21, 2015
Tracked Since: Feb 18, 2026