Intrusion Prevention

Symentec.IM.Manager.Administrator.Interface.SQL.Injection

Description

This indicates an attack attempt to exploit a SQL Injection vulnerability in Symantec IM Manager.
The vulnerability is a result of the application's failure to properly sanitize user input in the administrator interface. As a result, a remote attacker can send a crafted web page to exploit this vulnerability.

Affected Products

Symantec IM Manager prior to 8.4.18

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply patches or fixes, available from the website:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=
security_advisory&pvid=security_advisory&year=2011&suid=20110929_00

CVE References

CVE-2011-0553