CVE-2012-2215 — Path Traversal in Zenworks Configuration Management

CWE-22 — Path Traversal3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

35.4%

top 2.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Zenworks Configuration Management

Timeline

PublishedApr 9

Latest updateMay 17

Description

Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDnovell/zenworks_configuration_management11.1, 11.1a+1

Patches

Patch: download.novell.com ↗Patch: support.novell.com ↗Patch: download.novell.com ↗

🔴Vulnerability Details

GHSA

GHSA-vpvc-pq35-vhfw: Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11↗2022-05-17

▶

CVEList

CVE-2012-2215: Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11↗2012-04-09

▶