{"api_version":"1","generated_at":"2026-04-23T11:59:38+00:00","cve":"CVE-2009-3107","urls":{"html":"https://cve.report/CVE-2009-3107","api":"https://cve.report/api/cve/CVE-2009-3107.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-3107","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-3107"},"summary":{"title":"CVE-2009-3107","description":"Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.","state":"PUBLISHED","assigner":"mitre","published_at":"2009-09-08 23:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-287","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.8","severity":"","vector":"AV:A/AC:L/Au:N/C:P/I:P/A:N","data":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:P/A:N","baseScore":4.8,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/36110","name":"http://www.securityfocus.com/bid/36110","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"Symantec Altiris Deployment Solution 'DBManager' Authentication Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/36502","name":"http://secunia.com/advisories/36502","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Vendor Advisory"],"title":"Symantec Altiris Deployment Solution Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00","name":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"Security Advisories Relating to Symantec Products - Symantec Altiris Deployment Solution Multiple Vulnerabilities - August 26, 2009 | Symantec","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1022779","name":"http://www.securitytracker.com/id?1022779","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"SecurityTracker.com Archives - Symantec Altiris Deployment Solution Multiple Flaws Let Remote Users Modify the Configuration, Execute Arbitrary Commands, and Deny Service","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-3107","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3107","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"3107","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"altiris_deployment_solution","cpe6":"6.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3107","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"altiris_deployment_solution","cpe6":"6.9","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3107","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"altiris_deployment_solution","cpe6":"6.9","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T06:14:56.367Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"36502","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36502"},{"name":"36110","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/36110"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00"},{"name":"1022779","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1022779"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-08-26T00:00:00.000Z","descriptions":[{"lang":"en","value":"Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2013-02-07T10:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"36502","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36502"},{"name":"36110","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/36110"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00"},{"name":"1022779","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1022779"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2009-3107","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"36502","refsource":"SECUNIA","url":"http://secunia.com/advisories/36502"},{"name":"36110","refsource":"BID","url":"http://www.securityfocus.com/bid/36110"},{"name":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00","refsource":"CONFIRM","url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00"},{"name":"1022779","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1022779"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2009-3107","datePublished":"2009-09-08T23:00:00.000Z","dateReserved":"2009-09-08T00:00:00.000Z","dateUpdated":"2024-08-07T06:14:56.367Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-09-08 23:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-287","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:P/A:N","baseScore":4.8,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.5,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*","matchCriteriaId":"F0002047-0965-4086-A5E6-AEC02200B6CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*","matchCriteriaId":"EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*","matchCriteriaId":"4DC0FB60-BF58-455B-B5D1-97EDF2D6D0E5"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"3107","Ordinal":"1","Title":"CVE-2009-3107","CVE":"CVE-2009-3107","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"3107","Ordinal":"1","NoteData":"Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.","Type":"Description","Title":"CVE-2009-3107"},{"CveYear":"2009","CveId":"3107","Ordinal":"2","NoteData":"2009-09-08","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"3107","Ordinal":"3","NoteData":"2013-02-07","Type":"Other","Title":"Modified"}]}}}