Environment
Novell
ZENworks Patch Management 6.2
Situation
While analyzing
the patch Novell ZENworks Patch Management > 6.2 SR1 P1 Security
Update (6.2.2.190) ‑ TID 10100709
The script
/dagent/downloadreport.asp is vulnerable to an SQL injection
for the parameters agentid and pass. The previous patch
does not fix this issue.
Resolution
This has been
fixed in ZPM version 6.3.2.700
Status
Security AlertChange Log
6-Aug-2013 - tgordon - Removed Reported to Engineering, this TID might be available for deletion since product is no longer supported.