CVE-2013-1084

Name of the Vulnerable Software and Affected Versions Novell ZENworks Configuration Management (ZCM) version 11.2.3

Description The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename parameter in a GetFile action to "zenworks-unmaninv/". This is a directory traversal vulnerability in the GetFle method in the umaninv service.

Recommendations For Novell ZENworks Configuration Management (ZCM) version 11.2.3, consider restricting access to the umaninv service until a patch is available. As a temporary workaround, avoid using the Filename parameter in the GetFile action to minimize the risk of exploitation.