Directory Traversal Vulnerability in Novell ZENworks Configuration Management
CVE-2013-1084

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks Configuration Management
Vendor: CVE Published:; 2 November 2013

Summary

A directory traversal vulnerability exists in the umaninv service of Novell ZENworks Configuration Management, specifically in the GetFle method. This weakness allows remote attackers to exploit the Filename parameter in a GetFile action, manipulating file paths with '../' sequences to access arbitrary files on the server. Organizations utilizing the affected version should prioritize applying available patches to safeguard against unauthorized file access.

References

http://www.novell.com/support/kb/doc.php?id=7012760

x_refsource_CONFIRM

http://www.novell.com/support/kb/doc.php?id=7012027

x_refsource_CONFIRM

http://secunia.com/advisories/55450

third-party-advisoryx_refsource_SECUNIA

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 2, 2013