Detections
Analytics

Symantec IM Manager < 8.4.18 Multiple Vulnerabilities (SYM11-012)

medium Nessus Network Monitor Plugin ID 6031

Synopsis

The remote host contains a web application that is vulnerable to multiple attack vectors.

Description

The remote host is running Symantec IM Manager, an application for managing instant messaging traffic.

Versions of Symantec IM Manager earlier than build 8.4.18 are potentially affected by multiple vulnerabilities :

- An unspecified cross-site scripting vulnerability. (CVE-2011-0552)

 - An unspecified SQL injection vulnerability. (CVE-2011-0553)

 - An unspecified code injection vulnerability. (CVE-2011-0554)

Solution

Upgrade to Symantec IM Manager build 8.4.18 or later.

See Also

http://www.nessus.org/u?3c9f9e3f

Plugin Details

Severity: Medium

ID: 6031

Family: CGI

Published: 9/30/2011

Updated: 3/6/2019

Nessus ID: 56378

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:symantec:im_manager

Patch Publication Date: 9/29/2011

Vulnerability Publication Date: 9/29/2011

Reference Information

CVE: CVE-2011-0552, CVE-2011-0553, CVE-2011-0554

BID: 49738, 49739, 49742