CSRF in Novell Zenworks_configuration_management

CVE-2013-6346

Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.003 (53.2th percentile) — read the EPSS interpretation.

Affected products

Novell Zenworks_configuration_management — versions 10.2, 10.3, 10.3.1
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

cve@mitre.org (x_refsource_CONFIRM)