Vulnerability Details CVE-2009-3107
Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.9%
CVSS Severity
CVSS v2 Score 4.8
References
- http://secunia.com/advisories/36502
- http://www.securityfocus.com/bid/36110
- http://www.securitytracker.com/id?1022779
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00
- http://secunia.com/advisories/36502
- http://www.securityfocus.com/bid/36110
- http://www.securitytracker.com/id?1022779
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00
Products affected by CVE-2009-3107
-
cpe:2.3:a:symantec:altiris_deployment_solution:6.9