PT-2011-1434 · Symantec · Symantec Im Manager

Andrea Micalizzi

Published

2011-01-31

Updated

2018-10-10

CVE-2010-3719

CVSS v2.0

8.5

High

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Symantec IM Manager versions 8.4.16 and earlier

Description The issue concerns an eval injection vulnerability in the administrative interface of Symantec IM Manager, specifically in the IMAdminSchedTask.asp file. This vulnerability allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.

Recommendations For Symantec IM Manager versions 8.4.16 and earlier, consider restricting access to the IMAdminSchedTask.asp file and the ScheduleTask method until a fix is available. As a temporary workaround, avoid using unspecified parameters to the ScheduleTask method to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2010-3719

ZDI-11-037

Affected Products

Symantec Im Manager

PT-2011-1434 · Symantec · Symantec Im Manager

CVE-2010-3719

Weakness Enumeration

Related Identifiers

Affected Products

References · 10