Symantec IM Manager Multiple SQL Injection Vulnerabilities Network Vulnerability

Summary

Symantec IM Manager is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Symantec IM Manager versions 8.4.15 and prior are vulnerable.

Solution

Vendor updates are available. Please see the references for more information.

References

http://www.symantec.com
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101027_01
http://www.zerodayinitiative.com/advisories/ZDI-10-220/
http://www.zerodayinitiative.com/advisories/ZDI-10-221/
http://www.zerodayinitiative.com/advisories/ZDI-10-222/
http://www.zerodayinitiative.com/advisories/ZDI-10-223/
http://www.zerodayinitiative.com/advisories/ZDI-10-224/
http://www.zerodayinitiative.com/advisories/ZDI-10-225/
http://www.zerodayinitiative.com/advisories/ZDI-10-226/
https://www.securityfocus.com/bid/44299

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0112

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple Safari RSS Feed Information Disclosure Vulnerability
4Images <= 1.7.1 Directory Traversal Vulnerability
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
ASP-Dev XM Event Diary Multiple Vulnerabilities
Avenger's News System Command Execution

Take action and discover your vulnerabilities