A web application on the remote Windows host can be abused to execute arbitrary code.
The version of Symantec IM Manager installed on the remote Windows host is earlier than 8.4.17. The 'ScheduleTask' method exposed by the 'IMAdminSchedTask.asp' page fails to properly sanitize user input to a POST variable before using it in an 'eval()' call. If a logged in console user can be tricked into visiting a malicious link, this issue can be exploited to inject and execute arbitrary ASP code and compromise the affected application.
Upgrade to Symantec IM Manager 8.4.17 (build 8.4.1397) or later.