4 matches found
CVE-2006-3072
CVE-2006-3072 affects Symantec Security Information Manager prior to 4.0.2.29 HOTFIX 1, where the M4 Macro Library processes crafted rule definitions that produce dangerous Java code during M4 transformation, enabling local users to execute arbitrary commands. The vulnerability is local in scope ...
CVE-2013-1615
The CVE affects Symantec SSIM Appliance’s management/Java console (versions 4.7.x and 4.8.x prior to 4.8.1). It allows remote attackers to obtain sensitive information via unspecified web-GUI API calls, resulting in an information disclosure vulnerability. Remediation cited in sources is upgradin...
CVE-2013-1613
CVE-2013-1613 is a SQL injection vulnerability in the Symantec Security Information Manager (SSIM) appliance Java/management console. Affected versions are SSIM 4.7.x and 4.8.x before 4.8.1. The issue allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Sym...
CVE-2013-1614
The CVE-2013-1614 vulnerability affects Symantec Security Information Manager (SSIM) Appliance management console (Java Console) on versions 4.7.x and 4.8.x prior to 4.8.1. The issue is multiple cross-site scripting (XSS) vulnerabilities that could allow remote attackers to inject arbitrary scrip...