CVE-2009-3035Altiris Notification Server vulnerability

CWE-2553 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 74.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Altiris Notification Server
Timeline
PublishedFeb 2
Latest updateMay 2

Description

The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.1 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-2c59-mm9r-vwwg: The web console in Symantec Altiris Notification Server 62022-05-02
CVEList
CVE-2009-3035: The web console in Symantec Altiris Notification Server 62010-02-02
CVE-2009-3035 — Symantec vulnerability | cvebase