This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
A web application on the remote Windows host can be abused to execute
The version of Symantec IM Manager installed on the remote Windows
host is earlier than 8.4.17. The 'ScheduleTask' method exposed by the
'IMAdminSchedTask.asp' page fails to properly sanitize user input to a
POST variable before using it in an 'eval()' call.
If a logged in console user can be tricked into visiting a malicious
link, this issue can be exploited to inject and execute arbitrary ASP
code and compromise the affected application.
See also :
Upgrade to Symantec IM Manager 8.4.17 (build 8.4.1397) or later.
Risk factor :
High / CVSS Base Score : 8.5
CVSS Temporal Score : 7.4
Public Exploit Available : true