Symantec IM Manager whereClause Parameter SQL Injection (SYM10-010)

critical Nessus Plugin ID 50433

Synopsis

A web application on the remote Windows host is prone to a SQL injection attack.

Description

The version of Symantec IM Manager installed on the remote Windows host fails to sanitize input to the 'whereClause' parameter of the 'rdpageimlogic.aspx' script before using it in the 'LoggedInUsers.lgx' definition file to construct database queries.

An unauthenticated attacker may be able to exploit this issue to manipulate database queries, leading to disclosure of sensitive information or attacks against the underlying database.

Note that the application is also likely to be affected by several other related SQL injection vulnerabilities, although Nessus has not checked them.

Solution

Upgrade to Symantec IM Manager 8.4.16 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-10-223/

https://seclists.org/fulldisclosure/2010/Oct/424

http://www.nessus.org/u?e2c5b6f6

Plugin Details

Severity: Critical

ID: 50433

File Name: symantec_im_mgr_whereclause_sqli.nasl

Version: 1.13

Type: remote

Agent: windows

Family: Windows

Published: 11/1/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:symantec:im_manager

Required KB Items: www/ASP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 10/27/2010

Vulnerability Publication Date: 10/27/2010

Reference Information

CVE: CVE-2010-0112

BID: 44299