Symantec IM Manager IMAdminLDAPConfig.asp SQL injection

Added: 10/31/2011
CVE: CVE-2011-0553
BID: 49738
OSVDB: 75984

Background

Symantec IM Manager is a solution for managing and securing instant-messaging traffic in an enterprise.

Problem

An SQL injection vulnerability in IMAdminLDAPConfig.asp allows remote, authenticated attackers to execute arbitrary commands on the server.

Resolution

Upgrade to Symantec IM Manager 8.4.18.

References

http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00

Limitations

The exploit works on Symantec IM Manager 8.4.16.

An authenticated user must visit the exploit server in a web browser and click on the button in order for the exploit to succeed.

Platforms

Windows
