Directory Traversal Vulnerability in Novell ZENworks Configuration Management
CVE-2013-3706

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks Configuration Management
Vendor: CVE Published:; 6 March 2014

Summary

A directory traversal vulnerability exists in the PreBoot service of Novell ZENworks Configuration Management (ZCM) version 11.2, which allows remote attackers to read arbitrary files by sending specially crafted preboot update pathnames that include '../' sequences. This flaw could result in unauthorized access to sensitive information, possibly exposing system configurations or user data.

References

http://www.novell.com/support/kb/doc.php?id=7014663

x_refsource_CONFIRM

http://www.securityfocus.com/bid/65912

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 6, 2014
Vulnerability Reserved
May 30, 2013