VYPR

Management Platform

by Symantec

CVEs (7)

  • CVE-2025-57602CriSep 22, 2025
    risk 0.64cvss 9.8epss 0.00

    Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT…

  • CVE-2025-52352CriAug 21, 2025
    risk 0.64cvss 9.8epss 0.01

    Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing…

  • CVE-2025-52351HigAug 21, 2025
    risk 0.57cvss 8.8epss 0.00

    Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in…

  • CVE-2009-3031Nov 3, 2009
    risk 0.07cvss epss 0.45

    Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris…

  • CVE-2009-3028Mar 7, 2011
    risk 0.06cvss epss 0.43

    The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of…

  • CVE-2009-3033Nov 25, 2009
    risk 0.06cvss epss 0.40

    Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote…

  • CVE-2013-5008Oct 10, 2013
    risk 0.00cvss epss 0.00

    The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across different customers' installations, which makes it easier for local users to…