Shodan
Vulnerabilities
Vulnerable Software
Novell:  >> Zenworks Configuration Management  >> 11.2  Security Vulnerabilities
CVE-2013-1097
Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event.
CVSS Score
4.3
EPSS Score
0.013
Published
2013-06-17
CVE-2013-1093
Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter.
CVSS Score
5.8
EPSS Score
0.02
Published
2013-06-17
CVE-2013-1094
Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via an invalid locale.
CVSS Score
4.3
EPSS Score
0.024
Published
2013-06-17
CVE-2013-1095
Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event.
CVSS Score
4.3
EPSS Score
0.013
Published
2013-06-17
CVE-2013-1080
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
CVSS Score
10.0
EPSS Score
0.729
Published
2013-03-29
CVE-2013-1079
Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method.
CVSS Score
6.8
EPSS Score
0.026
Published
2013-03-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved