4.3

CVE-2012-2223

EPSS 1.17%
Published 11.04.2012 10:39:27
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Novell ≫ Zenworks Configuration Management Version10.3

Novell ≫ Zenworks Configuration Management Version10.3.1

Novell ≫ Zenworks Configuration Management Version10.3.2

Novell ≫ Zenworks Configuration Management Version10.3.3

Novell ≫ Zenworks Configuration Management Version11

Novell ≫ Zenworks Configuration Management Version11.1

Novell ≫ Zenworks Configuration Management Version11.1a

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.17%	0.767

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.novell.com/support/viewContent.do?externalId=7010044

http://www.novell.com/support/viewContent.do?externalId=7008244

http://www.novell.com/support/viewContent.do?externalId=7010137

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/74818

https://nvd.nist.gov/vuln/detail/CVE-2012-2223

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2223

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2223

EUVD