Several vulnerabilities were reported in Symantec Security Information Manager.
Affected versions: Symantec Security Information Manager Appliance 4.7.x and 4.8.0.
Symantec was notified of multiple security issues impacting the SSIM management console.
The console does not properly filter HTML code from user-supplied input before displaying it.
A remote authenticated user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
A remote user can access webGUI APIs to obtain potentially sensitive information.
Successful exploitation could result in cookie stealing, session hijacking, unauthorized disclosure of sensitive application information, and unauthorized database manipulation.
The vendor recommends updating to version 4.8.1.