CVE-2005-3315

Name of the Vulnerable Software and Affected Versions Novell ZENworks Patch Management versions prior to 6.2.2.181

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in multiple parameters, including the Direction parameter to the "computers/default.asp" endpoint, and the SearchText, StatusFilter, and computerFilter parameters to the "reports/default.asp" endpoint.

Recommendations For versions prior to 6.2.2.181, update to version 6.2.2.181 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable endpoints, such as "computers/default.asp" and "reports/default.asp", until the update is applied. Avoid using the vulnerable parameters Direction, SearchText, StatusFilter, and computerFilter in the affected endpoints until the issue is resolved.