Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.
References
Link | Resource |
---|---|
http://secunia.com/advisories/31773 | Broken Link Vendor Advisory |
http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html | Broken Link Patch Vendor Advisory |
http://www.securityfocus.com/bid/31767 | Broken Link Third Party Advisory VDB Entry |
http://www.securitytracker.com/id?1021072 | Broken Link Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2008/2876 | Broken Link Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/46007 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
14 Feb 2024, 15:20
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-312 | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/46007 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html - Broken Link, Patch, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/31773 - Broken Link, Vendor Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id?1021072 - Broken Link, Third Party Advisory, VDB Entry | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/2876 - Broken Link, Patch, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/31767 - Broken Link, Third Party Advisory, VDB Entry | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 7.8 |
CPE | cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:* cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:*:*:*:*:*:*:* cpe:2.3:a:symantec:altiris_deployment_solution:6.8.282:*:*:*:*:*:*:* cpe:2.3:a:symantec:altiris_deployment_solution:6.8.378:*:*:*:*:*:*:* cpe:2.3:a:symantec:altiris_deployment_solution:6:sp2:*:*:*:*:*:* cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp1:*:*:*:*:*:* cpe:2.3:a:symantec:altiris_deployment_solution:6.5.299:*:*:*:*:*:*:* cpe:2.3:a:symantec:altiris_deployment_solution:6.0:*:*:*:*:*:*:* cpe:2.3:a:symantec:altiris_deployment_solution:6:*:*:*:*:*:*:* cpe:2.3:a:symantec:altiris_deployment_solution:6.8.380.0:*:*:*:*:*:*:* cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:* cpe:2.3:a:symantec:altiris_deployment_solution:6.8:sp2:*:*:*:*:*:* cpe:2.3:a:symantec:altiris_deployment_solution:6.8.380:*:*:*:*:*:*:* cpe:2.3:a:symantec:altiris_deployment_solution:6:sp1:*:*:*:*:*:* cpe:2.3:a:symantec:altiris_deployment_solution:6.5.248:*:*:*:*:*:*:* |
cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:-:*:*:*:*:*:* |
Information
Published : 2009-06-08 19:30
Updated : 2024-02-28 11:21
NVD link : CVE-2008-6828
Mitre link : CVE-2008-6828
CVE.ORG link : CVE-2008-6828
JSON object : View
Products Affected
symantec
- altiris_deployment_solution
CWE
CWE-312
Cleartext Storage of Sensitive Information