Vulnerability CVE-2010-3719


Published: 2011-02-01   Modified: 2012-02-13

Description:
Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.

See advisories in our WLB2 database:
Topic
Author
Date
High
Symantec IM Manager Eval Code Injection Remote Code Execution Vulnerability
ZDI
03.02.2011

Type:

CWE-94

(Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:M/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
8.5/10
10/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Symantec -> Im manager 

 References:
http://www.securityfocus.com/archive/1/516103/100/0/threaded
http://www.securityfocus.com/bid/45946
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110131_00
http://www.vupen.com/english/advisories/2011/0259
http://www.zerodayinitiative.com/advisories/ZDI-11-037
https://exchange.xforce.ibmcloud.com/vulnerabilities/65040

Copyright 2020, cxsecurity.com

 

Back to Top