CVE-2008-6828
HIGHSymantec Altiris Deployment Solution < 6.9.355 - Cleartext Storage of Sensitive Information
Title source: llmDescription
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.
References (6)
Core 6
Core References
Broken Link, Patch, Vendor Advisory x_refsource_confirm
http://securityresponse.symantec.com/avcenter/security/Content/2008.10.20b.html
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31773
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46007
Broken Link, Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2876
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31767
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1021072
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
13.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-312
Status
published
Products (2)
symantec/altiris_deployment_solution
6.9.355
symantec/altiris_deployment_solution
< 6.9.355
Published
Jun 08, 2009
Tracked Since
Feb 18, 2026