CVE-2010-4229 — Path Traversal in Zenworks Configuration Management

CWE-22 — Path Traversal3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

34.2%

top 3.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Zenworks Configuration Management

Timeline

PublishedApr 18

Latest updateMay 14

Description

Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDnovell/zenworks_configuration_management10.3, 10.3.1, 11+2

🔴Vulnerability Details

GHSA

GHSA-6cv4-fcmj-6mp5: Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configura↗2022-05-14

▶

CVEList

CVE-2010-4229: Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configura↗2011-04-18

▶