CVE-2016-2205

MEDIUM

Symantec Workspace Streaming and Virtualization - Authenticated Path Traversal

Title source: llm

Description

Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors.

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/89395

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036263

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036262

Scores

CVSS v3 5.7

EPSS 0.0040

EPSS Percentile 60.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (4)

symantec/workspace_streaming 7.5.0 (2 CPE variants)

symantec/workspace_streaming 7.6.0

symantec/workspace_virtualization 7.5.0 (2 CPE variants)

symantec/workspace_virtualization 7.6.0

Published Jul 12, 2016

Tracked Since Feb 18, 2026