Symantec Im Manager vulnerabilities

6 known vulnerabilities affecting symantec/im_manager.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2011-0553HIGHCVSS 7.5≤ 8.4.17v6.0+18 more2011-10-02
CVE-2011-0553 [HIGH] CWE-89 CVE-2011-0553: SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows re SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2011-0554HIGHCVSS 7.5≤ 8.4.17v6.0+18 more2011-10-02
CVE-2011-0554 [HIGH] CWE-94 CVE-2011-0554: The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbit The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "code injection issue."
nvd
CVE-2011-0552MEDIUMCVSS 4.3≤ 8.4.17v6.0+18 more2011-10-02
CVE-2011-0552 [MEDIUM] CWE-79 CVE-2011-0552: Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec IM Manager Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec IM Manager before 8.4.18 allow remote attackers to inject arbitrary web script or HTML via the (1) refreshRateSetting parameter to IMManager/Admin/IMAdminSystemDashboard.asp, the (2) nav or (3) menuitem parameter to IMManager/Admin/IMAdminTOC_simple.asp, or the (4
nvd
CVE-2010-3719HIGHCVSS 8.5≤ 8.4.16v6.0+17 more2011-02-02
CVE-2010-3719 [HIGH] CWE-94 CVE-2010-3719: Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.
nvd
CVE-2010-0112HIGHCVSS 7.5≤ 8.4.15v6.0+16 more2010-10-28
CVE-2010-0112 [HIGH] CWE-89 CVE-2010-0112: Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Syman Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (
nvd
CVE-2009-3036MEDIUMCVSS 4.3v8.3v8.42010-02-23
CVE-2009-3036 [MEDIUM] CWE-79 CVE-2009-3036: Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8. Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd