CVE-2009-3107
Severity Score
4.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.
Symantec Altiris Deployment Solution v6.9.x anterior a v6.9 SP3 Build 430 no restringe el acceso de forma adecuada al puerto de escucha para el servicio DBManager, esto permite a atacantes remotos evitar la autenticación y modificar tareas o la base de datos Altiris mediante una conexión a este servicio.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-09-08 CVE Reserved
- 2009-09-08 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (4)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/36502 | 2024-02-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9" | sp1 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9" | sp2 |
Affected
| ||||||