CVE-2006-3425

3 documents3 sources

Severity

7.5HIGH

EPSS

2.0%

top 16.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Zenworks Lumension Patchlink Update Server

Timeline

PublishedJul 7

Latest updateMay 1

Description

FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDlumension/patchlink_update_server6.1, 6.2.0.181, 6.2.0.189+2

▶NVDnovell/zenworks6.2

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-9j74-522h-j979: FastPatch for (a) PatchLink Update Server (PLUS) before 6↗2022-05-01

▶

CVEList

CVE-2006-3425: FastPatch for (a) PatchLink Update Server (PLUS) before 6↗2006-07-07

▶