CVE-2015-0781

9.8CRITICAL

Key Information:

Vendor: Novell
Status: Zenworks Configuration Management
Vendor: CVE Published:; 9 August 2017

Summary

Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors.

References

https://www.novell.com/support/kb/doc.php?id=7016431

x_refsource_CONFIRM

http://www.securityfocus.com/bid/74291

vdb-entryx_refsource_BID

http://www.zerodayinitiative.com/advisories/ZDI-15-151

x_refsource_MISC

EPSS Score

42% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 9, 2017
Vulnerability Reserved
Jan 7, 2015

Collectors

NVD DatabaseMitre Database