Symantec IM Manager < 8.4.18 Multiple Vulnerabilities (SYM11-012)

Medium Nessus Network Monitor Plugin ID 6031

Synopsis

The remote host contains a web application that is vulnerable to multiple attack vectors.

Description

The remote host is running Symantec IM Manager, an application for managing instant messaging traffic.

Versions of Symantec IM Manager earlier than build 8.4.18 are potentially affected by multiple vulnerabilities :

- An unspecified cross-site scripting vulnerability. (CVE-2011-0552)

- An unspecified SQL injection vulnerability. (CVE-2011-0553)

- An unspecified code injection vulnerability. (CVE-2011-0554)

Solution

Upgrade to Symantec IM Manager build 8.4.18 or later.

See Also

http://www.nessus.org/u?3c9f9e3f

Plugin Details

Severity: Medium

ID: 6031

File Name: 6031.prm

Family: CGI

Published: 2011/09/30

Modified: 2016/01/21

Dependencies: 1442

Nessus ID: 56378

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.5

Temporal Score: 5.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 6.3

Temporal Score: 5.9

Vector: CVSS3#AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2011/09/29

Vulnerability Publication Date: 2011/09/29

Reference Information

CVE: CVE-2011-0552, CVE-2011-0553, CVE-2011-0554

BID: 49738, 49739, 49742

OSVDB: 75981, 75982, 75983, 75984, 75985