Directory Traversal Vulnerability in Novell ZENworks Asset Management
CVE-2011-2653

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks Asset Management
Vendor: CVE Published:; 8 December 2011

Summary

A directory traversal vulnerability exists in the rtrlet component of Novell ZENworks Asset Management 7.5. This flaw permits remote attackers to upload executable files, potentially leading to arbitrary code execution on the affected system. The weakness arises from insufficient validation of user-supplied input, allowing attackers to manipulate file paths. Organizations using vulnerable versions should apply the latest security updates to mitigate this risk.

References

http://download.novell.com/Download?buildid=hPvHtXeNmCU~

x_refsource_CONFIRM

http://zerodayinitiative.com/advisories/ZDI-11-342/

x_refsource_MISC

EPSS Score

86% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 8, 2011