What is CVE-2009-3035?

CVE-2009-3035 is a vulnerability in Symantec Altiris_notification_server, classified under CWE-255. Published 2010-02-02.

Is CVE-2009-3035 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Symantec Altiris_notification_server

CVE-2009-3035

The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which…

EPSS: 0.001 (25.8th percentile) — read the EPSS interpretation.

Affected products

Symantec Altiris_notification_server — versions 6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-255

Public proof-of-concept exploits

Alman368/MNDefender

References

62010 (x_refsource_OSVDB, vdb-entry)
38356 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
37953 (vdb-entry, x_refsource_BID)
1023521 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM)
ADV-2010-0256 (vdb-entry, x_refsource_VUPEN)
symantec-ans-key-unauth-access(55952) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2009-3035?: CVE-2009-3035 is a vulnerability in Symantec Altiris_notification_server, classified under CWE-255. Published 2010-02-02.
Is CVE-2009-3035 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.