CVE-2010-3719

Published: Feb 2, 2011Modified: Apr 29, 2026

8.5

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 6.8 / Impact: 10.0

Source: NVD

Description

Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.

Affected (19)

Products: Symantec: Im Manager

1 product

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
Symantec Im Manager	Up to 8.4.16
Symantec Im Manager	Version 6.0
Symantec Im Manager	Version 6.5
Symantec Im Manager	Version 7.0
Symantec Im Manager	Version 7.5
Symantec Im Manager	Version 8.3
Symantec Im Manager	Version 8.4.0
Symantec Im Manager	Version 8.4.10
Symantec Im Manager	Version 8.4.11
Symantec Im Manager	Version 8.4.12
Symantec Im Manager	Version 8.4.13
Symantec Im Manager	Version 8.4.15
Symantec Im Manager	Version 8.4.1
Symantec Im Manager	Version 8.4.2
Symantec Im Manager	Version 8.4.5
Symantec Im Manager	Version 8.4.6
Symantec Im Manager	Version 8.4.7
Symantec Im Manager	Version 8.4.8
Symantec Im Manager	Version 8.4.9

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (16)

http://osvdb.org/70755

Source: cve@mitre.org

http://secunia.com/advisories/43143

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/516103/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/45946

Source: cve@mitre.org

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110131_00

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0259

Source: cve@mitre.org

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-11-037

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/65040

Source: cve@mitre.org

http://osvdb.org/70755

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43143

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/516103/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/45946

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110131_00

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0259

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-11-037

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/65040

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.