Novell.ZAM.FileUploadServlet.Directory.Traversal
Description
This indicates an attack attempt against a Directory Traveral vulnerability in Novell's ZENworks Asset Management(ZAM).
The vulnerability is due to insufficient input validation within the ZENworks Server's "FileUploadServlet". An attacker may upload malicious files anywhere onto the vulnerable system and execute arbitrary code on it with the privileges of the Administrator user.
Affected Products
Novell ZENworks Configuration Management 10.1.2 a
Novell ZENworks Configuration Management 10.1.2
Novell ZENworks Configuration Management 10.3.1
Novell ZENworks Configuration Management 10.3
Novell ZENworks Configuration Management 10.1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrades or patches from the vendor.
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5091430&sliceId=&docTypeID=DT_SUSESDB_PSDB_1_1&dialogID=245129152&stateId=0%200%20245125568
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |