10
CVE-2015-0779
- EPSS 80.15%
- Veröffentlicht 07.06.2015 23:59:04
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle security@opentext.com
- Teams Watchlist Login
- Unerledigt Login
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Novell ≫ Zenworks Configuration Management Version11
Novell ≫ Zenworks Configuration Management Version11 Updatesp1
Novell ≫ Zenworks Configuration Management Version11.2
Novell ≫ Zenworks Configuration Management Version11.2.1
Novell ≫ Zenworks Configuration Management Version11.2.2
Novell ≫ Zenworks Configuration Management Version11.2.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 80.15% | 0.991 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.