Lucene search
HistoryMar 29, 2013 - 4:09 p.m.
CVE-2013-1080
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.4
Confidence
High
EPSS
0.869
Percentile
98.6%
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
Affected configurations
Node
novellzenworks_configuration_managementMatch10.3
ORnovellzenworks_configuration_managementMatch11.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | zenworks_configuration_management | 10.3 | cpe:2.3:a:novell:zenworks_configuration_management:10.3:*:*:*:*:*:*:* |
| novell | zenworks_configuration_management | 11.2 | cpe:2.3:a:novell:zenworks_configuration_management:11.2:*:*:*:*:*:*:* |
Related
zdi
zdi
metasploit
metasploit
Novell ZENworks Configuration Management Remote Execution
2013-03-30 18:35:04
checkpoint_advisories
checkpoint_advisories
Novell ZENworks Configuration Management File Upload (CVE-2013-1080)
2013-06-30 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_ZCM2
2013-03-29 16:09:00
prion
prion
Directory traversal
2013-03-29 16:09:00
packetstorm
packetstorm
Novell ZENworks Configuration Management Remote Execution
2013-04-02 00:00:00
nessus
nessus
Novell ZENworks Control Center File Upload Remote Code Execution (intrusive check)
2013-06-18 00:00:00
Novell ZENworks Control Center File Upload Remote Code Execution
2013-03-28 00:00:00
zdt
zdt
Novell ZENworks Configuration Management Remote Execution
2013-04-02 00:00:00
cvelist
cvelist
CVE-2013-1080
2013-03-29 10:00:00
saint
saint
Novell ZENworks Control Center file upload vulnerability
2013-05-03 00:00:00
Novell ZENworks Control Center file upload vulnerability
2013-05-03 00:00:00
Novell ZENworks Control Center file upload vulnerability
2013-05-03 00:00:00
dsquare
dsquare
Novell ZENworks Configuration Management 11 SP2 File Upload
2013-04-30 00:00:00
exploitdb
exploitdb
cve
cve
CVE-2013-1080
2013-03-29 16:09:05
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.4
Confidence
High
EPSS
0.869
Percentile
98.6%
Related for NVD:CVE-2013-1080