4.3

CVE-2009-3035

EPSS 0.09%
Veröffentlicht 02.02.2010 16:30:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Symantec ≫ Altiris Notification Server Version6.0

Symantec ≫ Altiris Notification Server Version6.0 Updatesp1

Symantec ≫ Altiris Notification Server Version6.0 Updatesp2

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r7

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.233

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	3.1	6.4	AV:L/AC:L/Au:S/C:P/I:P/A:P

http://osvdb.org/62010

http://secunia.com/advisories/38356

Vendor Advisory

http://www.securityfocus.com/bid/37953

http://www.securitytracker.com/id?1023521

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100128_00

http://www.vupen.com/english/advisories/2010/0256

https://exchange.xforce.ibmcloud.com/vulnerabilities/55952

https://nvd.nist.gov/vuln/detail/CVE-2009-3035

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3035

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3035

EUVD