返回 CVE 浏览器

CVE-2008-4389

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.1830%

EPSS Percentile21.77th

Published2010年6月17日

Last Modified2026年4月29日

Vulnerability Description

Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors.

Affected Platforms (CPE)

📦

Symantec

Workspace Streaming

= 6.1

📦

Symantec

Workspace Streaming

= 6.1

📦

Symantec

Workspace Streaming

= 6.1

📦

Symantec

Workspace Streaming

= 6.1

📦

Symantec

Appstream

= 5.2

📦

Symantec

Appstream

= 5.2.1

📦

Symantec

Appstream

= 5.2.2

📦

Symantec

Appstream

= 5.2.3

References & Advisories

🔗 http://secunia.com/advisories/40233

🔗 http://www.kb.cert.org/vuls/id/221257

🔗 http://www.securityfocus.com/bid/40611

🔗 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100616_00

🔗 http://www.vupen.com/english/advisories/2010/1511

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/59504

🔗 http://secunia.com/advisories/40233

🔗 http://www.kb.cert.org/vuls/id/221257

相关漏洞威胁

CVE-2014-16497.9

The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sen...

CVE-2015-14846.9

Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 befor...

CVE-2016-22055.7

Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streamin...

CVE-2016-22065.7

The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Worksp...