Symantec IM Manager < 8.4.18 Multiple Vulnerabilities (SYM11-012)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

A web application on the remote Windows host has multiple
vulnerabilities.

Description :

The version of Symantec IM Manager running on the remote host is
earlier than 8.4.18. Such versions are affected by the following
vulnerabilities in the management console :

- Multiple XSS. (CVE-2011-0552)

- An unspecified SQL injection. (CVE-2011-0553)

- An unspecified code injection. (CVE-2011-0554)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-294/
http://www.nessus.org/u?3c9f9e3f

Solution :

Upgrade to Symantec IM Manager 8.4.18 (build 8.4.1405) or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 56378

Bugtraq ID: 49738, 49739, 49742

CVE ID: CVE-2011-0552, CVE-2011-0553, CVE-2011-0554
