Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-2653

CWE-22 — Path Traversal4 documents4 sources

Severity

10.0CRITICAL

EPSS

84.7%

top 0.66%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Novell Zenworks Asset Management

Timeline

PublishedDec 8

Latest updateMay 17

Description

Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDnovell/zenworks_asset_management7.5

🔴Vulnerability Details

GHSA

GHSA-4q43-8hqg-w3px: Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7↗2022-05-17

▶

CVEList

CVE-2011-2653: Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7↗2011-12-08

▶

💥Exploits & PoCs

Exploit-DB

Novell ZENworks Asset Management - Remote Execution (Metasploit)↗2012-08-15

▶