Signature Detail
Short Name |
APP:SYMC:IM-MGR-INJ |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Symantec IM Manager Administrator Console Code Injection |
Release Date |
2011/10/18 |
Update Number |
2012 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+ |
HTTP: Symantec IM Manager Administrator Console Code Injection
A code injection vulnerability exists in Symantec IM Manager Administrator console. The vulnerability is due to improper input validation that can lead to Javascript code injection and execution on the server. A remote attacker can exploit this vulnerability by enticing an authenticated user to visit a crafted web page. Successful exploitation will result in inject and execution of arbitrary code in the context of the Management Console.
Extended Description
Symantec IM Manager is prone to a vulnerability that will let attackers run arbitrary code. Remote attackers can exploit this issue to run arbitrary code in the context of the affected application. IM Manager versions prior to 8.4.18 are affected.
Affected Products
- Symantec IM Manager 8.4
- Symantec IM Manager 8.4.0
- Symantec IM Manager 8.4.1
- Symantec IM Manager 8.4.10
- Symantec IM Manager 8.4.11
- Symantec IM Manager 8.4.12
- Symantec IM Manager 8.4.13
- Symantec IM Manager 8.4.15
- Symantec IM Manager 8.4.15
- Symantec IM Manager 8.4.16
- Symantec IM Manager 8.4.17
- Symantec IM Manager 8.4.2
- Symantec IM Manager 8.4.5
- Symantec IM Manager 8.4.5
- Symantec IM Manager 8.4.6
- Symantec IM Manager 8.4.7
- Symantec IM Manager 8.4.8
- Symantec IM Manager 8.4.9
References
- BugTraq: 49742
- CVE: CVE-2011-0554