CVE-2008-6828

EPSS 0.04%
Published 08.06.2009 19:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Altiris Deployment Solution Version < 6.9.355

Symantec ≫ Altiris Deployment Solution Version6.9.355 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.099

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.3	3.1	6.4	AV:L/AC:L/Au:S/C:P/I:P/A:P

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

http://secunia.com/advisories/31773

Vendor Advisory

Broken Link

http://www.vupen.com/english/advisories/2008/2876

Patch

Vendor Advisory

Broken Link

http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html

Patch

Vendor Advisory

Broken Link

http://www.securityfocus.com/bid/31767

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id?1021072

Third Party Advisory

Broken Link

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/46007

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2008-6828

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-6828

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-6828

EUVD