4.3

CVE-2009-3035

EPSS 0.09%
Published 02.02.2010 16:30:02
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Altiris Notification Server Version6.0

Symantec ≫ Altiris Notification Server Version6.0 Updatesp1

Symantec ≫ Altiris Notification Server Version6.0 Updatesp2

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r7

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.233

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	3.1	6.4	AV:L/AC:L/Au:S/C:P/I:P/A:P

http://osvdb.org/62010

http://secunia.com/advisories/38356

Vendor Advisory

http://www.securityfocus.com/bid/37953

http://www.securitytracker.com/id?1023521

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100128_00

http://www.vupen.com/english/advisories/2010/0256

https://exchange.xforce.ibmcloud.com/vulnerabilities/55952

https://nvd.nist.gov/vuln/detail/CVE-2009-3035

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3035

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3035

EUVD