Short Name |
APP:SYMC:ALTIRIS-DS-SQL-INJ |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Symantec Altiris DS SQL Injection |
Release Date |
2014/03/07 |
Update Number |
2352 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit multiple SQL Injection vulnerability in Symantec Altiris. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Symantec Altiris Deployment Solution is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will facilitate in the complete compromise of affected computers. Versions prior to Symantec Altiris Deployment Solution 6.9.176 are vulnerable.