CVE-2013-1093 — Improper Input Validation in Zenworks Configuration Management

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.8MEDIUMNVD

EPSS

0.8%

top 26.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Zenworks Configuration Management

Timeline

PublishedJun 17

Latest updateMay 17

Description

Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDnovell/zenworks_configuration_management4 versions+3

🔴Vulnerability Details

GHSA

GHSA-2476-32c9-5mv4: Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework↗2022-05-17

▶

CVEList

CVE-2013-1093: Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework↗2013-06-17

▶