File Exposure Vulnerability in Novell ZENworks Configuration Management
CVE-2015-0783

6.5MEDIUM

Key Information:

Vendor

Novell
Status
Zenworks Configuration Management
Vendor
CVE Published:
9 August 2017

What is CVE-2015-0783?

The FileViewer class in Novell ZENworks Configuration Management allows remote authenticated users to gain unauthorized access to sensitive files through the manipulation of the filename variable. This can lead to the exposure of critical information, potentially impacting the security posture of organizations using the application.

References

http://www.securitytracker.com/id/1032166
vdb-entryx_refsource_SECTRACK
http://www.zerodayinitiative.com/advisories/ZDI-15-150
x_refsource_MISC
https://www.novell.com/support/kb/doc.php?id=7016431
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.