CVE-2012-2223Sensitive Information Exposure in Zenworks Configuration Management

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
1.2%
top 21.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Novell Zenworks Configuration Management
Timeline
PublishedApr 11
Latest updateMay 17

Description

The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-rr92-4wr6-r965: The xplat agent in Novell ZENworks Configuration Management (ZCM) 102022-05-17
CVEList
CVE-2012-2223: The xplat agent in Novell ZENworks Configuration Management (ZCM) 102012-04-11
CVE-2012-2223 — Sensitive Information Exposure | cvebase