Symantec IM Manager Administrator Interface SQL injection (CVE-2011-0553)

Symantec IM Manager is a software-based proxy to secure, manage, and log IM messages for enterprise and public IM protocols. It provides real-time threat protection against IM viruses, worms, and other types of attacks delivered through IM messages. An SQL injection vulnerability has been reporte...

Symantec IM Manager IMAdminLDAPConfig.asp SQL injection

Added: 10/31/2011 CVE: CVE-2011-0553 BID: 49738 OSVDB: 75984 Background Symantec IM Manager is a solution for managing and securing instant-messaging traffic in an enterprise. Problem An SQL injection vulnerability in IMAdminLDAPConfig.asp allows remote, authenticated attackers to execute arbitra...

Symantec IM Manager < 8.4.18 Multiple Vulnerabilities (SYM11-012)

The version of Symantec IM Manager running on the remote host is earlier than 8.4.18. Such versions are affected by the following vulnerabilities in the management console : - Multiple XSS. CVE-2011-0552 - An unspecified SQL injection. CVE-2011-0553 - An unspecified code injection. CVE-2011-0554 ...

CVE-2011-0553

SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2011-0553

The CVE-2011-0553 entry concerns Symantec IM Manager: an SQL injection in the management console (IMAdminLDAPConfig.asp) due to insufficient input validation. A remote attacker could exploit the flaw to execute arbitrary SQL on the underlying database (some sources note authentication is required...