CVE-2013-1093

Name of the Vulnerable Software and Affected Versions Novell ZENworks Configuration Management (ZCM) versions 11.2 through 11.2.3a before Monthly Update 1

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This is achieved via the directToPage parameter in the fwdToURL function in the ZCC login page, which is part of the zcc-framework.jar component.

Recommendations For versions 11.2 through 11.2.3a before Monthly Update 1, update to version 11.2.3a Monthly Update 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the fwdToURL function in the ZCC login page to minimize the risk of exploitation. Avoid using the directToPage parameter in the affected login page until the issue is resolved.