CVE-2010-3719

2011-02-0201:00:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-3719

eval injection

imadminschedtask.asp

symantec im manager

security vulnerability

nvd

8.1 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.019 Low

EPSS

Percentile

88.4%

JSON

Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.

CPENameOperatorVersion
symantec:im_managersymantec im managereq8.4.2
symantec:im_managersymantec im managereq8.4.8
symantec:im_managersymantec im managereq7.5
symantec:im_managersymantec im managereq8.4.15
symantec:im_managersymantec im managereq8.4.1
symantec:im_managersymantec im managereq7.0
symantec:im_managersymantec im managereq8.4.9
symantec:im_managersymantec im managereq8.4.7
symantec:im_managersymantec im managereq8.4.11
symantec:im_managersymantec im managereq6.0

CPE	Name	Operator	Version
symantec:im_manager	symantec im manager	eq	8.4.2
symantec:im_manager	symantec im manager	eq	8.4.8
symantec:im_manager	symantec im manager	eq	7.5
symantec:im_manager	symantec im manager	eq	8.4.15
symantec:im_manager	symantec im manager	eq	8.4.1
symantec:im_manager	symantec im manager	eq	7.0
symantec:im_manager	symantec im manager	eq	8.4.9
symantec:im_manager	symantec im manager	eq	8.4.7
symantec:im_manager	symantec im manager	eq	8.4.11
symantec:im_manager	symantec im manager	eq	6.0