ID de Prueba:	1.3.6.1.4.1.25623.1.0.802252
Categoría:	Web application abuses
Título:	Symantec IM Manager <= 8.4.17 Multiple Vulnerabilities
Resumen:	Symantec IM Manager is prone to multiple vulnerabilities.
Descripción:	Summary: Symantec IM Manager is prone to multiple vulnerabilities. Vulnerability Insight: - Input passed to the 'refreshRateSetting' parameter in IMManager/Admin/IMAdminSystemDashboard.asp, 'nav' and 'menuitem' parameters in IMManager/Admin/IMAdminTOC_simple.asp, and 'action' parameter in IMManager/Admin/IMAdminEdituser.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. - Input validation errors exist within the Administrator Console allows remote attackers to execute arbitrary code or SQL commands via unspecified vectors. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary script code in the browser, compromise the application, access or modify data, or exploit latent vulnerability in the underlying database. Affected Software/OS: Symantec IM Manager versions 8.4.17 and prior. Solution: Update to version 8.4.18 (build 8.4.1405) or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0552 BugTraq ID: 49739 http://www.securityfocus.com/bid/49739 http://securitytracker.com/id?1026130 http://secunia.com/advisories/43157 Common Vulnerability Exposure (CVE) ID: CVE-2011-0553 BugTraq ID: 49738 http://www.securityfocus.com/bid/49738 Common Vulnerability Exposure (CVE) ID: CVE-2011-0554 BugTraq ID: 49742 http://www.securityfocus.com/bid/49742
Copyright	Copyright (C) 2011 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.