4.8

CVE-2009-3107

EPSS 0.24%
Published 08.09.2009 23:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Altiris Deployment Solution Version6.9

Symantec ≫ Altiris Deployment Solution Version6.9 Updatesp1

Symantec ≫ Altiris Deployment Solution Version6.9 Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.44

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.8	6.5	4.9	AV:A/AC:L/Au:N/C:P/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/36502

Vendor Advisory

Broken Link

http://www.securityfocus.com/bid/36110

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id?1022779

Third Party Advisory

Broken Link

VDB Entry

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2009-3107

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3107

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3107

EUVD