CVE-2010-5323

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks Configuration Management
Vendor: CVE Published:; 7 June 2015

Summary

Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324.

References

https://www.novell.com/support/kb/doc.php?id=7005573

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-10-078/

x_refsource_MISC

http://www.exploit-db.com/exploits/16784/

exploitx_refsource_EXPLOIT-DB

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 7, 2015
Vulnerability Reserved
Mar 26, 2015

Collectors

NVD DatabaseMitre Database