CVE-2011-2658 — Zenworks Configuration Management vulnerability

CWE-2643 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

3.3%

top 12.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Zenworks Configuration Management

Timeline

PublishedJul 26

Latest updateMay 17

Description

The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDnovell/zenworks_configuration_management10.2, 10.3, 11+2

Patches

Patch: www.novell.com ↗Patch: www.zerodayinitiative.com ↗Patch: www.novell.com ↗

🔴Vulnerability Details

GHSA

GHSA-mq89-86cj-h68m: The ISList↗2022-05-17

▶

CVEList

CVE-2011-2658: The ISList↗2012-07-26

▶