Vulnerability Description
Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Zenworks Configuration Management | 10.3 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/44120Vendor Advisory
- http://securityreason.com/securityalert/8207
- http://securitytracker.com/id?1025313
- http://www.novell.com/support/viewContent.do?externalId=7007841Vendor Advisory
- http://www.securityfocus.com/archive/1/517425/100/0/threaded
- http://www.securityfocus.com/bid/47295
- http://www.vupen.com/english/advisories/2011/0917Vendor Advisory
- http://zerodayinitiative.com/advisories/ZDI-11-118/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66656
- http://secunia.com/advisories/44120Vendor Advisory
- http://securityreason.com/securityalert/8207
- http://securitytracker.com/id?1025313
- http://www.novell.com/support/viewContent.do?externalId=7007841Vendor Advisory
- http://www.securityfocus.com/archive/1/517425/100/0/threaded
- http://www.securityfocus.com/bid/47295
FAQ
What is CVE-2010-4229?
CVE-2010-4229 is a vulnerability with a CVSS score of 10.0 (HIGH). Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows...
How severe is CVE-2010-4229?
CVE-2010-4229 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4229?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Zenworks Configuration Management.