Symantec Management Console Multiple XSS and XXE Vulnerabilities (SYM17-005)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The Symantec Management Console on the target host is affected by
multiple XSS and XXE vulnerabilities.

Description :

The version of Symantec Management Console running on the remote host is
earlier than ITMS 8.1 RU1, ITMS 8.0_POST_HF6 or ITMS 7.6_POST_HF7 and
is therefore affected by multiple cross-site scripting (XSS) and
XML External Entity (XXE) processing vulnerabilities.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-294/
http://www.nessus.org/u?3c9f9e3f

Solution :

Upgrade to Symantec Management Console ITMS 8.1 RU1 or later or apply
patches ITMS 8.0_POST_HF6 and ITMS 7.6_POST_HF7.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Windows

Nessus Plugin ID: 102203

Bugtraq ID:

CVE ID: CVE-2017-6322
CVE-2017-6323
