Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Symantec Altiris Notification Server静态加密密钥非授权访问漏洞
Vulnerability Description
Symantec Altiris产品为Symantec所提供的IT生命周期管理解决方案。 Altiris产品所使用的Notification Server的Web控制台存储了管理员所输入凭据的静态加密密钥,本地用户可以读取这个凭据用户非授权访问发现信息,或在服务器上获得权限提升;此外如果系统配置为使用SQL服务器凭据进行数据库访问,这还可能导致非授权访问Notification Server数据库上的信息。
CVSS Information
N/A
Vulnerability Type
N/A