CVE-2016-2206

MEDIUM

Symantec Workspace Streaming and Virtualization - Authenticated Arbitrary File Read via File-Download Configuration

Title source: llm

Description

The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file.

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036263

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036262

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/89394

Scores

CVSS v3 5.7

EPSS 0.0015

EPSS Percentile 35.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-264

Status published

Products (4)

symantec/workspace_streaming 7.5.0 (2 CPE variants)

symantec/workspace_streaming 7.6.0

symantec/workspace_virtualization 7.5.0 (2 CPE variants)

symantec/workspace_virtualization 7.6.0

Published Jul 12, 2016

Tracked Since Feb 18, 2026