SQL Injection Vulnerabilities in Novell ZENworks Patch Management
CVE-2005-3315

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks Patch Management Server
Vendor: CVE Published:; 30 October 2005

Summary

Multiple SQL injection vulnerabilities exist in Novell ZENworks Patch Management 6.x prior to version 6.2.2.181. These vulnerabilities allow remote attackers to execute arbitrary SQL commands through the manipulation of specific parameters. The affected parameters include 'Direction' in 'computers/default.asp' and 'SearchText', 'StatusFilter', and 'computerFilter' in 'reports/default.asp'. This can lead to unauthorized access to sensitive data or manipulation of the database.

References

http://support.novell.com/cgi-bin/search/searchtid.cgi?10...

x_refsource_CONFIRM

http://securityreason.com/securityalert/124

third-party-advisoryx_refsource_SREASON

http://securitytracker.com/id?1015116

vdb-entryx_refsource_SECTRACK

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 30, 2005
Vulnerability Reserved
Oct 26, 2005