Novell ZENworks Patch Management Server 6.0.0.52 - SQL injection

2005.10.28
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


Ogólna skala CVSS: 7.5/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

The Novell ZENworks Patch Management Server 6.0.0.52 is vulnerable to SQL injection in the management console. To being able to exploit this issue the administrator have to manually created a none-privileged account as minimum, to allow exploitation. Fix: Upgrade to ZENworks Patch Management version 6.2.2.181 (or newer hot fix via your PLUS server) found at http://download.novell.com. Note: The 6.0.0.52 CD ISO image was on the Novell download site up until the 2nd week of September, 2005. The ZENworks Patch Management CD ISO image that is currently available at the download site at the time of this document being published http://download.novell.com/Download?buildid=5_kRStyf9wU~ ISO Name: ZEN_PatchMgmt_Upd6.2.iso Size: 323.8 MB (339607552) MD5: aeb244ecdf29c83cb8388fae1a6a1919 A technical description of the vulnerability can be read at: http://www.cirt.dk


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top