CVE-2010-3719

Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.

CVSS v2.0 8.5 HIGH

8.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 6.8 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.zerodayinitiative.com/advisories/ZDI-11-037
http://www.securityfocus.com/bid/45946
http://secunia.com/advisories/43143	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0259	Vendor Advisory
http://osvdb.org/70755
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110131_00
https://exchange.xforce.ibmcloud.com/vulnerabilities/65040
http://www.securityfocus.com/archive/1/516103/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:im_manager:8.3:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.9:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.10:::::::*
	cpe:2.3:a:symantec:im_manager:7.5:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.1:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.5:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.6:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.13:::::::*
	cpe:2.3:a:symantec:im_manager:6.0:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.0:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.2:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.8:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.15:::::::*
	cpe:2.3:a:symantec:im_manager:7.0:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.7:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.11:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.12:::::::*
	cpe:2.3:a:symantec:im_manager:6.5:::::::*
	cpe:2.3:a:symantec:im_manager::::::::

Information

Published : 2011-02-01 17:00

Updated : 2018-10-10 13:05

NVD link : CVE-2010-3719

Mitre link : CVE-2010-3719

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

Products Affected

symantec

im_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-037", "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-037", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/45946", "name": "45946", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/43143", "name": "43143", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2011/0259", "name": "ADV-2011-0259", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://osvdb.org/70755", "name": "70755", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110131_00", "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110131_00", "tags": [], "refsource": "CONFIRM"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65040", "name": "immanager-scheduletask-code-execution(65040)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/516103/100/0/threaded", "name": "20110131 ZDI-11-037: Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Eval Code Injection Remote Code Execution Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-3719", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2011-02-02T01:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:symantec:im_manager:8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:8.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:8.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:8.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:8.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:8.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:8.4.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:8.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:8.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:8.4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:8.4.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:8.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:8.4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:8.4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:im_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.4.16"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-10T20:05Z"}