CVE-2010-3719: Code Injection
First published: Wed Feb 02 2011(Updated: )
Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom Symantec Identity Manager | =8.4.2 | |
| Broadcom Symantec Identity Manager | =8.4.8 | |
| Broadcom Symantec Identity Manager | =7.5 | |
| Broadcom Symantec Identity Manager | =8.4.15 | |
| Broadcom Symantec Identity Manager | =8.4.1 | |
| Broadcom Symantec Identity Manager | =7.0 | |
| Broadcom Symantec Identity Manager | =8.4.9 | |
| Broadcom Symantec Identity Manager | =8.4.7 | |
| Broadcom Symantec Identity Manager | =8.4.11 | |
| Broadcom Symantec Identity Manager | =6.0 | |
| Broadcom Symantec Identity Manager | =8.4.12 | |
| Broadcom Symantec Identity Manager | =6.5 | |
| Broadcom Symantec Identity Manager | <=8.4.16 | |
| Broadcom Symantec Identity Manager | =8.3 | |
| Broadcom Symantec Identity Manager | =8.4.13 | |
| Broadcom Symantec Identity Manager | =8.4.5 | |
| Broadcom Symantec Identity Manager | =8.4.0 | |
| Broadcom Symantec Identity Manager | =8.4.10 | |
| Broadcom Symantec Identity Manager | =8.4.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.zerodayinitiative.com/advisories/ZDI-11-037
- http://www.securityfocus.com/bid/45946
- http://secunia.com/advisories/43143
- http://www.vupen.com/english/advisories/2011/0259
- http://osvdb.org/70755
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110131_00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65040
- http://www.securityfocus.com/archive/1/516103/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2010-3719?
CVE-2010-3719 has a high severity rating due to its potential for allowing remote code execution.
How do I fix CVE-2010-3719?
To fix CVE-2010-3719, upgrade to Symantec IM Manager version 8.4.17 or later.
Which versions of Symantec IM Manager are affected by CVE-2010-3719?
CVE-2010-3719 affects Symantec IM Manager versions 8.4.16 and earlier, including 8.4.2, 8.4.8, and 7.5.
What kind of attacks can be executed using CVE-2010-3719?
CVE-2010-3719 can be exploited by attackers to execute arbitrary code on the vulnerable systems.
Is there a workaround available for CVE-2010-3719?
There are no specific workarounds for CVE-2010-3719; it is recommended to apply the necessary updates.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/symantec
- canonical/broadcom symantec identity manager
- version/broadcom symantec identity manager/8.4.2
- version/broadcom symantec identity manager/8.4.8
- version/broadcom symantec identity manager/7.5
- version/broadcom symantec identity manager/8.4.15
- version/broadcom symantec identity manager/8.4.1
- version/broadcom symantec identity manager/7.0
- version/broadcom symantec identity manager/8.4.9
- version/broadcom symantec identity manager/8.4.7
- version/broadcom symantec identity manager/8.4.11
- version/broadcom symantec identity manager/6.0
- version/broadcom symantec identity manager/8.4.12
- version/broadcom symantec identity manager/6.5
- version/broadcom symantec identity manager/8.4.16
- version/broadcom symantec identity manager/8.3
- version/broadcom symantec identity manager/8.4.13
- version/broadcom symantec identity manager/8.4.5
- version/broadcom symantec identity manager/8.4.0
- version/broadcom symantec identity manager/8.4.10
- version/broadcom symantec identity manager/8.4.6