What is CVE-2015-0779?

CVE-2015-0779 is a vulnerability in Novell Zenworks_configuration_management, classified under Path Traversal. Published 2015-06-07.

Is CVE-2015-0779 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Novell Zenworks_configuration_management

CVE-2015-0779

Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunctio…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.801 (99.1th percentile) — read the EPSS interpretation.

Affected products

Novell Zenworks_configuration_management — versions 11, 11.2, 11.2.1
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

security@opentext.com (x_refsource_MISC)
36964 (exploit, x_refsource_EXPLOIT-DB)
security@opentext.com (x_refsource_CONFIRM)
security@opentext.com (x_refsource_MISC)
20150407 [CVE-2015-0779]: Novell ZenWorks Configuration Management remote code execution (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2015-0779?: CVE-2015-0779 is a vulnerability in Novell Zenworks_configuration_management, classified under Path Traversal. Published 2015-06-07.
Is CVE-2015-0779 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.