Deployment Solution
by Symantec
CVEs (30)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-2289 | 0.00 | — | 0.00 | May 18, 2008 | Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. | |||
| CVE-2008-2288 | 0.00 | — | 0.00 | May 18, 2008 | Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information. | |||
| CVE-2008-2291 | 0.00 | — | 0.04 | May 18, 2008 | axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials. | |||
| CVE-2008-1754 | 0.00 | — | 0.00 | Apr 11, 2008 | Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory. | |||
| CVE-2008-1473 | 0.00 | — | 0.00 | Mar 24, 2008 | The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack. | |||
| CVE-2007-5838 | 0.00 | — | 0.00 | Nov 6, 2007 | Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380. | |||
| CVE-2007-3874 | 0.00 | — | 0.02 | Nov 6, 2007 | Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2007-5555 | 0.00 | — | 0.00 | Oct 18, 2007 | Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka "Authentication Credentials Information Leakage in Altiris Deployment Solution." NOTE: this description is based on a vague… | |||
| CVE-2007-4380 | 0.00 | — | 0.00 | Aug 16, 2007 | Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer. | |||
| CVE-2004-2622 | 0.00 | — | 0.03 | Dec 31, 2004 | AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access. |
- CVE-2008-2289May 18, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors.
- CVE-2008-2288May 18, 2008risk 0.00cvss —epss 0.00
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information.
- CVE-2008-2291May 18, 2008risk 0.00cvss —epss 0.04
axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials.
- CVE-2008-1754Apr 11, 2008risk 0.00cvss —epss 0.00
Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory.
- CVE-2008-1473Mar 24, 2008risk 0.00cvss —epss 0.00
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack.
- CVE-2007-5838Nov 6, 2007risk 0.00cvss —epss 0.00
Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380.
- CVE-2007-3874Nov 6, 2007risk 0.00cvss —epss 0.02
Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows remote attackers to read arbitrary files via unspecified vectors.
- CVE-2007-5555Oct 18, 2007risk 0.00cvss —epss 0.00
Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka "Authentication Credentials Information Leakage in Altiris Deployment Solution." NOTE: this description is based on a vague…
- CVE-2007-4380Aug 16, 2007risk 0.00cvss —epss 0.00
Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer.
- CVE-2004-2622Dec 31, 2004risk 0.00cvss —epss 0.03
AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access.
Page 2 of 2