CVE-2011-2657

Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument.

Published: Jul 27, 2012
Updated: Apr 13, 2023
CVE: CVE-2011-2657
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
novell / zenworks_configuration_management	11-sp1	11-sp1.x
novell / zenworks_configuration_management	10.2	10.2.x
novell / zenworks_configuration_management	10.3	10.3.x

http://www.exploit-db.com/exploits/19718/
http://www.novell.com/support/kb/doc.php?id=7009570
http://www.zerodayinitiative.com/advisories/ZDI-11-318/

Vulnerability Database

CVE-2011-2657