CVE-2010-5324

Name of the Vulnerable Software and Affected Versions Novell ZENworks Configuration Management (ZCM) versions prior to 10.3

Description A directory traversal issue exists in the UploadServlet of the Remote Management component. This allows remote attackers to execute arbitrary code by sending a crafted zenworks-fileupload request. The request must include a specific directory name in the type parameter, a WAR filename in the filename parameter, and WAR content in the POST data.

Recommendations For versions prior to 10.3, update to version 10.3 or later to resolve the issue.