
Test ID: 1.3.6.1.4.1.25623.1.0.901186
Category: Web application abuses
Title: Symantec IM Manager 'eval()' Code Injection Vulnerability
Summary: Symantec IM Manager is installed on this host and is prone to a code injection vulnerability.
Description: Summary:
Symantec IM Manager is installed on this host and is prone to
a code injection vulnerability.

Vulnerability Insight:
The flaw is caused by an input validation error in the 'ScheduleTask' method
of the 'IMAdminSchedTask.asp' page within the administration console when
processing a POST variable via an 'eval()' call, which could be exploited by
attackers to inject and execute arbitrary ASP code by enticing a logged-in
console user to visit a malicious link.

Vulnerability Impact:
Successful exploitation will allow an attacker to execute arbitrary code on
the system.

Affected Software/OS:
Symantec IM Manager versions 8.4.16 and prior

Solution:
Upgrade to Symantec IM Manager version 8.4.17 or later.

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C

Cross-reference: BugTraq ID: 45946
Common Vulnerability Exposure (CVE) ID: CVE-2010-3719
http://www.securityfocus.com/bid/45946
Bugtraq: 20110131 ZDI-11-037: Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Eval Code Injection Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/516103/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-11-037
http://osvdb.org/70755
http://secunia.com/advisories/43143
http://www.vupen.com/english/advisories/2011/0259
XForce ISS Database: immanager-scheduletask-code-execution(65040)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65040
Copyright: Copyright (C) 2011 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.