CVE-2009-3107

Published Sep 8, 2009

Last updated 9 months ago

Overview

Description: Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.8
Impact score: 4.9
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF"
          },
          {
            "criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464"
          },
          {
            "criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DC0FB60-BF58-455B-B5D1-97EDF2D6D0E5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References