{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-10-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (2) unspecified parameters in a DetailReportGroup (aka DetailReportGroup.lgx) action to rdpageimlogic.aspx; the (3) selclause, (4) whereTrendTimeClause, (5) TrendTypeForReport, (6) whereProtocolClause, or (7) groupClause parameter in a SummaryReportGroup (aka SummaryReportGroup.lgx) action to rdpageimlogic.aspx; the (8) loginTimeStamp, (9) dbo, (10) dateDiffParam, or (11) whereClause parameter in a LoggedInUsers (aka LoggedInUSers.lgx) action to (a) rdpageimlogic.aspx or (b) rdPage.aspx; the (12) selclause, (13) whereTrendTimeClause, (14) TrendTypeForReport, (15) whereProtocolClause, or (16) groupClause parameter to rdpageimlogic.aspx; (17) the groupList parameter to IMAdminReportTrendFormRun.asp; or (18) the email parameter to IMAdminScheduleReport.asp."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-220/"}, {"name": "ADV-2010-2789", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2789"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-226/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-223/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-221/"}, {"name": "44299", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/44299"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101027_01"}, {"name": "68903", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/68903"}, {"name": "68902", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/68902"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-224/"}, {"name": "1024648", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024648"}, {"name": "68901", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/68901"}, {"name": "immanager-unspecified-sql-injection(62806)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62806"}, {"name": "41959", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41959"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-222/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-225/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0112", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (2) unspecified parameters in a DetailReportGroup (aka DetailReportGroup.lgx) action to rdpageimlogic.aspx; the (3) selclause, (4) whereTrendTimeClause, (5) TrendTypeForReport, (6) whereProtocolClause, or (7) groupClause parameter in a SummaryReportGroup (aka SummaryReportGroup.lgx) action to rdpageimlogic.aspx; the (8) loginTimeStamp, (9) dbo, (10) dateDiffParam, or (11) whereClause parameter in a LoggedInUsers (aka LoggedInUSers.lgx) action to (a) rdpageimlogic.aspx or (b) rdPage.aspx; the (12) selclause, (13) whereTrendTimeClause, (14) TrendTypeForReport, (15) whereProtocolClause, or (16) groupClause parameter to rdpageimlogic.aspx; (17) the groupList parameter to IMAdminReportTrendFormRun.asp; or (18) the email parameter to IMAdminScheduleReport.asp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-220/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-220/"}, {"name": "ADV-2010-2789", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2789"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-226/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-226/"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-223/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-223/"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-221/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-221/"}, {"name": "44299", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44299"}, {"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101027_01", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101027_01"}, {"name": "68903", "refsource": "OSVDB", "url": "http://osvdb.org/68903"}, {"name": "68902", "refsource": "OSVDB", "url": "http://osvdb.org/68902"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-224/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-224/"}, {"name": "1024648", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024648"}, {"name": "68901", "refsource": "OSVDB", "url": "http://osvdb.org/68901"}, {"name": "immanager-unspecified-sql-injection(62806)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62806"}, {"name": "41959", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41959"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-222/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-222/"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-225/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-225/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0112", "datePublished": "2010-10-28T19:00:00", "dateReserved": "2009-12-31T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:im_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E351AFC8-57AD-4D2C-924C-357801E91DCE", "versionEndIncluding": "8.4.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "87BA745A-3998-429B-B416-CDCEBDD3FC5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F1F0066B-3C1D-4BB6-9DB6-2620E727F5DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "8BA7FC31-F04E-4E6D-800D-BA2EB70710B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "42E91241-B62C-4EA4-8B64-752480D52FCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "9B7AB297-B32E-4EBC-BB4A-D1D9A234E341", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "72E971F0-1AB3-4C9C-AB14-481C2479A847", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "63804646-FC4B-450D-8C7A-9EBF92448B03", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "196FAD08-F697-4457-AA31-7839808D295A", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A598C830-F638-4AE9-BEB4-F25DE4E5B75E", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "5FB25003-604F-4E58-94DF-D2833AAD74D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "1C64BD10-3AB5-47E1-B622-E44E4AAF3582", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "C7C5042B-ACF9-4DCB-ABE2-5358B5700497", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "CA7554C0-C82D-4DAE-BB25-86715C031184", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "D4F8EFAF-92DC-42FE-82C6-F3CB02C410B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "397A2056-A136-4AEB-A332-7617970DD3E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "45F0111E-E2D1-416B-9C0B-526633D2AFFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:im_manager:8.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "5CBDCE74-5DFC-426D-9AE3-63FC555D92AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (2) unspecified parameters in a DetailReportGroup (aka DetailReportGroup.lgx) action to rdpageimlogic.aspx; the (3) selclause, (4) whereTrendTimeClause, (5) TrendTypeForReport, (6) whereProtocolClause, or (7) groupClause parameter in a SummaryReportGroup (aka SummaryReportGroup.lgx) action to rdpageimlogic.aspx; the (8) loginTimeStamp, (9) dbo, (10) dateDiffParam, or (11) whereClause parameter in a LoggedInUsers (aka LoggedInUSers.lgx) action to (a) rdpageimlogic.aspx or (b) rdPage.aspx; the (12) selclause, (13) whereTrendTimeClause, (14) TrendTypeForReport, (15) whereProtocolClause, or (16) groupClause parameter to rdpageimlogic.aspx; (17) the groupList parameter to IMAdminReportTrendFormRun.asp; or (18) the email parameter to IMAdminScheduleReport.asp."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la Interfaz Administrativa en la extensi\u00f3n IIS en IM Manager de Symantec anterior a versi\u00f3n 8.4.16, permiten a los atacantes remotos ejecutar comandos SQL arbitrarios por medio de (1) el par\u00e1metro rdReport en el archivo rdpageimlogic.aspx, relacionado con la funci\u00f3n sGetDefinition en la biblioteca rdServer.dll, y declaraciones SQL contenidas en un determinado archivo de informe; (2) par\u00e1metros no especificados en una acci\u00f3n DetailReportGroup (tambi\u00e9n se conoce como DetailReportGroup.lgx) en el archivo rdpageimlogic.aspx; el par\u00e1metro (3) selclause, (4) whereTrendTimeClause, (5) TrendTypeForReport, (6) whereProtocolClause o (7) groupClause en una acci\u00f3n SummaryReportGroup (tambi\u00e9n se conoce como SummaryReportGroup.lgx) en el archivo rdpageimlogic.aspx; el par\u00e1metro (8) loginTimeStamp, (9) dbo, (10) dateDiffParam o (11) whereClause en una acci\u00f3n LoggedInUsers (tambi\u00e9n se conoce como LoggedInUSers.lgx) en el archivo (a) rdpageimlogic.aspx o (b) rdPage.aspx; el par\u00e1metro (12) selclause, (13) whereTrendTimeClause, (14) TrendTypeForReport, (15) whereProtocolClause, o (16) groupClause en el archivo rdpageimlogic.aspx; (17) el par\u00e1metro groupList en el archivo IMAdminReportTrendFormRun.asp; o (18) par\u00e1metro email en el archivo IMAdminScheduleReport.asp."}], "id": "CVE-2010-0112", "lastModified": "2017-08-17T01:31:52.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-10-28T20:00:02.483", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/68901"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/68902"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/68903"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41959"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/44299"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1024648"}, {"source": "cve@mitre.org", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101027_01"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2789"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-220/"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-221/"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-222/"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-223/"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-224/"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-225/"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-226/"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62806"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}