Auth bypass in Novell Zenworks_configuration_management

CVE-2013-6347

Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors.

Vulnerability class: Broken Authentication

EPSS: 0.008 (74.5th percentile) — read the EPSS interpretation.

Affected products

Novell Zenworks_configuration_management — versions 10.2, 10.3, 10.3.1
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

cve@mitre.org (x_refsource_CONFIRM)