Vulnerability Details : CVE-2009-3107

Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.

Published 2009-09-08 23:30:01

Updated 2013-02-07 04:21:39

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-3107

Probability of exploitation activity in the next 30 days: 0.17%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 53 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-3107

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.8	MEDIUM	AV:A/AC:L/Au:N/C:P/I:P/A:N	6.5	4.9	[email protected]
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2009-3107

CWE-264

Assigned by: [email protected] (Primary)

References for CVE-2009-3107

Products affected by CVE-2009-3107

Symantec » Altiris Deployment Solution » Version: 6.9
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
Matching versions
Symantec » Altiris Deployment Solution » Version: 6.9 Update SP2
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*
Matching versions
Symantec » Altiris Deployment Solution » Version: 6.9 Update SP1
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*
Matching versions