CVE-2009-3035
Published Feb 2, 2010
Last updated 7 years ago
Overview
- Description: The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.
- Source: cve@mitre.org
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 4.3
- Impact score: 6.4
- Exploitability score: 3.1
- Vector string: AV:L/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-255
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68AF67FB-5FC8-4EAA-AF09-35D4740B967F"
          },
          {
            "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B096EB3-F1E7-4933-972A-0E142CA854A5"
          },
          {
            "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C13D2DE-7EA0-4963-BA60-5D01E037D954"
          },
          {
            "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D085BB2-1012-4386-AEE9-31870673BF55"
          },
          {
            "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E187D85-9F75-4749-9682-29F66D919E12"
          },
          {
            "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "548B4DF2-D7EC-4BE7-BA52-2BDEF5577F49"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]