CVE-2013-1084 — MEDIUM (5.0)

Vulnerability Description

Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename parameter in a GetFile action to zenworks-unmaninv/.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Novell	Zenworks Configuration Management	11.2.3

Related Weaknesses (CWE)

CWE-22

References

http://secunia.com/advisories/55450Vendor Advisory
http://www.novell.com/support/kb/doc.php?id=7012027
http://www.novell.com/support/kb/doc.php?id=7012760Vendor Advisory
http://secunia.com/advisories/55450Vendor Advisory
http://www.novell.com/support/kb/doc.php?id=7012027
http://www.novell.com/support/kb/doc.php?id=7012760Vendor Advisory

FAQ

What is CVE-2013-1084?

CVE-2013-1084 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot dot...

How severe is CVE-2013-1084?

CVE-2013-1084 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-1084?

Check the references section above for vendor advisories and patch information. Affected products include: Novell Zenworks Configuration Management.