Symantec’s Multiple Vulnerabilities

Tuesday, October 4, 2011 @ 12:10 PM gHale

There are multiple vulnerabilities in Symantec IM Manager that can allow execution of arbitrary HTML and script code in a user’s browser.

One issue, according to security software inspector Secunia, is that input passed to the “refreshRateSetting” parameter in IMManager/Admin/IMAdminSystemDashboard.asp, the “nav” and “menuitem” parameters in IMManager/Admin/IMAdminTOC_simple.asp, and the “action” parameter in IMManager/Admin/IMAdminEdituser.asp is not properly sanitized before being returned to the user.

An attacker can exploit this to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.
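As an added example (not from Symantec, Secunia or the original article), a defender could review web server logs for requests to the pages and parameters named above whose decoded values are not plain tokens. The "ip method url status" log format, the allow-list pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Page -> parameters named in the advisory text above (compared case-insensitively).
WATCHED = {
    "/immanager/admin/imadminsystemdashboard.asp": {"refreshratesetting"},
    "/immanager/admin/imadmintoc_simple.asp": {"nav", "menuitem"},
    "/immanager/admin/imadminedituser.asp": {"action"},
}
# Assumption: legitimate values are short plain tokens; anything else is worth review.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{0,64}")

def suspicious_params(url):
    """Return [(param, decoded_value)] for watched params whose value is not a plain token."""
    parts = urlsplit(url)
    params = WATCHED.get(parts.path.lower())
    if not params:
        return []
    hits = []
    # parse_qsl percent-decodes values, so encoded markup is checked in decoded form.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in params and not SAFE_VALUE.fullmatch(value):
            hits.append((name, value))
    return hits

def scan(log_lines):
    """Return [(client_ip, param, decoded_value)] for each flagged request."""
    findings = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines
        client_ip, url = fields[0], fields[2]
        findings.extend((client_ip, n, v) for n, v in suspicious_params(url))
    return findings

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    "10.0.0.5 GET /IMManager/Admin/IMAdminSystemDashboard.asp?refreshRateSetting=30 200",
    "10.0.0.9 GET /IMManager/Admin/IMAdminTOC_simple.asp?nav=%3Cscript%3Ealert(1)%3C/script%3E 200",
    "10.0.0.9 GET /IMManager/Admin/IMAdminEdituser.asp?action=edit%22%3E%3Cb%3E 200",
    "10.0.0.7 GET /IMManager/Admin/Other.asp?nav=%3Cb%3E 200",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Hits on these pages from before the update to 8.4.18 are candidates for follow-up, not proof of compromise.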

A second vulnerability is an input validation error within the Administrator Console. No further information is currently available on this vulnerability.

Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerabilities affect version 8.4.17 and prior. The solution for the vulnerabilities is to update to version 8.4.18.
