Release DateOct 21, 2011 |
Severitymedium |
ImpactInformation Disclosure: Remote attackers can gain sensitive information from vulnerable systems. |
DescriptionThis indicates an attack attempt against a Cross Site Scripting Vulnerability in Symantec IM Manager.The vulnerability is caused due to improperly sanitized input of URL parameters to various pages of the management console. It allows a remote attacker to exploit these vulnerabilities by enticing a user to follow a specially crafted link to the management console. |
Affected ProductsSymantec IM Manager prior to 8.4.18 |
Recommended ActionsRefer to the vendor's website for suggested workaround.http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid= security_advisory&pvid=security_advisory&year=2011&suid=20110929_00 |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2011-0552 |
Reference/shttp://www.securityfocus.com/bid/49739 (BugTraq) |
