Security Vulnerability with ZCM Remote Execution

  • Document ID:7005573
  • Creation Date:30-Mar-2010
  • Modified Date:27-Apr-2012
    • Micro Focus Products:
      ZENworks Configuration Management

Environment

Novell ZENworks 10 Configuration Management Remote Management

Situation

A security vulnerability exists with  Novell ZENworks Configuration Management Remote Management - Remote Code Execution which could allow remote attackers to execute arbitrary code.

Resolution

This is fixed in version 10.3 - see KB 7005455 "ZENworks Configuration Management SP3 (10.3) - update information and list of fixes" which can be found at https://www.novell.com/support

Status

Security Alert

Additional Information

This was reported as ZDI-CAN-678 by TippingPoint Corporation.   This vulnerability was discovered by: Stephen Fewer of Harmony Security.