PT-2013-2857 · Novell · Novell Zenworks Configuration Management

James Burton · Published 2013-03-22 · Updated 2013-12-13 · CVE-2013-1080

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Novell ZENworks Configuration Management (ZCM) versions 10.3 through 11.2 before 11.2.4

Description

The issue concerns the web server in Novell ZENworks Configuration Management, which fails to properly authenticate requests to the "zenworks/jsp/index.jsp" endpoint. This allows remote attackers to perform directory traversal attacks and to upload and execute arbitrary programs by sending a request to TCP port 443.

Recommendations

For versions 10.3 through 11.2 before 11.2.4, update to version 11.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the "zenworks/jsp/index.jsp" endpoint until a patch is available.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2013-1080
ZDI-13-049

Affected Products

Novell Zenworks Configuration Management