← back
CVE-2013-1080

CVE-2013-1080

EPSS 77.0%
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/24938unverifiedexploitdbwww.exploit-db.com/exploits/24938unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.exploit-db.com/exploits/24938http://www.novell.com/support/kb/doc.php?id=7011812http://www.novell.com/support/kb/doc.php?id=7012027http://www.zerodayinitiative.com/advisories/ZDI-13-049/