Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1080 — Improper Authentication in Zenworks Configuration Management

CWE-287 — Improper Authentication5 documents4 sources

Severity

10.0CRITICALNVD

EPSS

72.9%

top 1.22%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Novell Zenworks Configuration Management

Timeline

PublishedMar 29

Latest updateMay 17

Description

The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDnovell/zenworks_configuration_management10.3, 11.2+1

🔴Vulnerability Details

GHSA

GHSA-wpv9-pvp6-9mjq: The web server in Novell ZENworks Configuration Management (ZCM) 10↗2022-05-17

▶

CVEList

CVE-2013-1080: The web server in Novell ZENworks Configuration Management (ZCM) 10↗2013-03-29

▶

💥Exploits & PoCs

Exploit-DB

WordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload↗2013-09-18

▶

Exploit-DB

Novell ZENworks Configuration Management 10 SP3/11 SP2 - Remote Execution (Metasploit)↗2013-04-08

▶