A vulnerability was reported in Symantec IM Manager. A remote user can inject SQL commands.
The Symantec IM Manager administration console does not properly validate user-supplied input. A remote user can supply specially crafted parameter values to execute SQL commands on the underlying database.
A remote user can execute SQL commands on the underlying database.