CVE-2010-3719

Name of the Vulnerable Software and Affected Versions Symantec IM Manager versions 8.4.16 and earlier

Description The issue concerns an eval injection vulnerability in the administrative interface of Symantec IM Manager, specifically in the IMAdminSchedTask.asp file. This vulnerability allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.

Recommendations For Symantec IM Manager versions 8.4.16 and earlier, consider restricting access to the IMAdminSchedTask.asp file and the ScheduleTask method until a fix is available. As a temporary workaround, avoid using unspecified parameters to the ScheduleTask method to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.