ZPM vulnerable to an SQL injection

  • 3506963
  • 12-Dec-2006
  • 06-Aug-2013

Environment

Novell ZENworks Patch Management 6.2

Situation

While analyzing the patch Novell ZENworks Patch Management > 6.2 SR1 P1 Security Update (6.2.2.190) ‑ TID 10100709
The script /dagent/downloadreport.asp is vulnerable to an SQL injection for the parameters agentid and pass. The previous patch does not fix this issue.

Resolution

This has been fixed in ZPM version 6.3.2.700

Status

Security Alert

Change Log

6-Aug-2013 - tgordon - Removed Reported to Engineering, this TID might be available for deletion since product is no longer supported.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.