CVE-2010-3719

Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.

CVSS v2.0 8.5 HIGH

8.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 6.8 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/70755
http://secunia.com/advisories/43143	Vendor Advisory
http://www.securityfocus.com/archive/1/516103/100/0/threaded
http://www.securityfocus.com/bid/45946
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110131_00
http://www.vupen.com/english/advisories/2011/0259	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-11-037
https://exchange.xforce.ibmcloud.com/vulnerabilities/65040

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:im_manager::::::::
	cpe:2.3:a:symantec:im_manager:6.0:::::::*
	cpe:2.3:a:symantec:im_manager:6.5:::::::*
	cpe:2.3:a:symantec:im_manager:7.0:::::::*
	cpe:2.3:a:symantec:im_manager:7.5:::::::*
	cpe:2.3:a:symantec:im_manager:8.3:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.0:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.1:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.2:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.5:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.6:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.7:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.8:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.9:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.10:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.11:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.12:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.13:::::::*
	cpe:2.3:a:symantec:im_manager:8.4.15:::::::*

History

No history.

Information

Published : 2011-02-02 01:00

Updated : 2024-02-04 17:54

NVD link : CVE-2010-3719

Mitre link : CVE-2010-3719

CVE.ORG link : CVE-2010-3719

JSON object : View

Products Affected

symantec

im_manager

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2010-3719", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-02-02T01:00:02.110", "references": [{"url": "http://osvdb.org/70755", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/43143", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/516103/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/45946", "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110131_00", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/0259", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-037", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65040", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n mediante eval en IMAdminSchedTask.asp en la interfaz administrativa para Symantec IM Manager v8.4.16 y anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de par\u00e1metros no especificados en el m\u00e9todo ScheduleTask."}], "lastModified": "2018-10-10T20:05:15.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:im_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEE084E9-DCDA-45A2-A3E3-C4BE87BDF822", "versionEndIncluding": "8.4.16"}, {"criteria": "cpe:2.3:a:symantec:im_manager:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87BA745A-3998-429B-B416-CDCEBDD3FC5B"}, {"criteria": "cpe:2.3:a:symantec:im_manager:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1F0066B-3C1D-4BB6-9DB6-2620E727F5DA"}, {"criteria": "cpe:2.3:a:symantec:im_manager:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BA7FC31-F04E-4E6D-800D-BA2EB70710B0"}, {"criteria": "cpe:2.3:a:symantec:im_manager:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42E91241-B62C-4EA4-8B64-752480D52FCD"}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B7AB297-B32E-4EBC-BB4A-D1D9A234E341"}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72E971F0-1AB3-4C9C-AB14-481C2479A847"}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63804646-FC4B-450D-8C7A-9EBF92448B03"}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "196FAD08-F697-4457-AA31-7839808D295A"}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A598C830-F638-4AE9-BEB4-F25DE4E5B75E"}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FB25003-604F-4E58-94DF-D2833AAD74D9"}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C64BD10-3AB5-47E1-B622-E44E4AAF3582"}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7C5042B-ACF9-4DCB-ABE2-5358B5700497"}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA7554C0-C82D-4DAE-BB25-86715C031184"}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4F8EFAF-92DC-42FE-82C6-F3CB02C410B2"}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "397A2056-A136-4AEB-A332-7617970DD3E8"}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45F0111E-E2D1-416B-9C0B-526633D2AFFC"}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CBDCE74-5DFC-426D-9AE3-63FC555D92AC"}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBAC2134-3A86-4766-948C-D0E84A17F791"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}