4.3
CVE-2009-3035
- EPSS 0.38%
- Veröffentlicht 02.02.2010 16:30:02
- Zuletzt bearbeitet 16.06.2026 23:10:46
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Symantec ≫ Altiris Notification Server Version6.0
Symantec ≫ Altiris Notification Server Version6.0 Updatesp1
Symantec ≫ Altiris Notification Server Version6.0 Updatesp2
Symantec ≫ Altiris Notification Server Version6.0 Updatesp3
Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r7
Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.292 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 3.1 | 6.4 |
AV:L/AC:L/Au:S/C:P/I:P/A:P
|
http://osvdb.org/62010
http://secunia.com/advisories/38356
http://www.securityfocus.com/bid/37953
http://www.securitytracker.com/id?1023521
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100128_00
http://www.vupen.com/english/advisories/2010/0256
https://exchange.xforce.ibmcloud.com/vulnerabilities/55952