virus logo Intrusion Prevention

Novell.ZAM.FileUploadServlet.Directory.Traversal

description-logoDescription

This indicates an attack attempt against a Directory Traveral vulnerability in Novell's ZENworks Asset Management(ZAM).
The vulnerability is due to insufficient input validation within the ZENworks Server's "FileUploadServlet". An attacker may upload malicious files anywhere onto the vulnerable system and execute arbitrary code on it with the privileges of the Administrator user.

affected-products-logoAffected Products

Novell ZENworks Configuration Management 10.1.2 a
Novell ZENworks Configuration Management 10.1.2
Novell ZENworks Configuration Management 10.3.1
Novell ZENworks Configuration Management 10.3
Novell ZENworks Configuration Management 10.1

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrades or patches from the vendor.
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5091430&sliceId=&docTypeID=DT_SUSESDB_PSDB_1_1&dialogID=245129152&stateId=0%200%20245125568

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

44201
ID 28153
Created Jul 18, 2011
Updated Nov 15, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2010-4229
Exploit Prediction Score 90.32%
Default Action drop
Active
Affected OS Windows, Linux
Affected App Novell