Remote Code Execution Vulnerability in Novell ZENworks Configuration Management
CVE-2013-1080

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks Configuration Management
Vendor: CVE Published:; 29 March 2013

Summary

The web server component of Novell ZENworks Configuration Management versions prior to 11.2.4 is vulnerable to a remote code execution exploit due to improper authentication mechanisms for certain JSP pages. An attacker can exploit this vulnerability through crafted requests sent to TCP port 443, potentially allowing them to conduct directory traversal attacks. This can lead to unauthorized file uploads and execution of arbitrary programs, exposing the system to significant risks.

References

http://www.novell.com/support/kb/doc.php?id=7011812

x_refsource_CONFIRM

http://www.novell.com/support/kb/doc.php?id=7012027

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-13-049/

x_refsource_MISC

EPSS Score

72% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 29, 2013
Vulnerability Reserved
Jan 11, 2013