Release date:
Updated on:
Affected Systems:
Symantec IM Manager 8.x
Unaffected Systems:
Symantec IM Manager 8.4.18
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 49739
CVE ID: CVE-2011-0552
Symantec IM Manager provides certification support for public and enterprise IM networks and seamlessly manages enterprise instant messaging. It also implements security assurance, logging and archiving, including fine-grained policy enforcement and security control for file, audio and video, VoIP, application sharing and other real-time communication functions. IM Manager can eliminate potential risks in enterprise instant messaging.
Symantec IM Manager has a cross-site scripting vulnerability in its filtering and verification of external data. Remote attackers can exploit this vulnerability to execute arbitrary code in the browsers of users of the affected sites and steal cookie credentials.
<* Source: Sow Ching Shiong
Link: http://www.symantec.com/business/security_response/securityupdates/detail.jsp? Fid = security_advisory &
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Symantec
--------
Symantec has released a security bulletin (20110929_00) and corresponding patches for this issue:
20110929_00: Security Advisories Relating to Symantec Products - Symantec IM Manager Administrator Console Multiple Issues
Link: http://www.symantec.com/business/security_response/securityupdates/detail.jsp? Fid = security_advisory &