CVE-2010-4229

Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request.

Published: Apr 18, 2011
Updated: Apr 13, 2023
CVE: CVE-2010-4229
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
novell / zenworks_configuration_management	10.3.1	10.3.1.x
novell / zenworks_configuration_management	11	11.x
novell / zenworks_configuration_management	10.3	10.3.x

http://secunia.com/advisories/44120
http://securityreason.com/securityalert/8207
http://securitytracker.com/id?1025313
http://www.novell.com/support/viewContent.do?externalId=7007841
http://www.securityfocus.com/archive/1/517425/100/0/threaded
http://www.securityfocus.com/bid/47295
http://www.vupen.com/english/advisories/2011/0917
http://zerodayinitiative.com/advisories/ZDI-11-118/
https://exchange.xforce.ibmcloud.com/vulnerabilities/66656

Vulnerability Database

CVE-2010-4229