Path Traversal in Novell Zenworks_configuration_management
CVE-2013-1084
Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename parameter in a GetFil…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.034 (87.7th percentile) — read the EPSS interpretation.
Affected products
- Novell Zenworks_configuration_management — versions 11.2.3
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM)
- 55450 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)