Security Vulnerability with ZCM Remote Execution

  • 7005573
  • 30-Mar-2010
  • 27-Apr-2012


Novell ZENworks 10 Configuration Management Remote Management


A security vulnerability exists with  Novell ZENworks Configuration Management Remote Management - Remote Code Execution which could allow remote attackers to execute arbitrary code.


This is fixed in version 10.3 - see KB 7005455 "ZENworks Configuration Management SP3 (10.3) - update information and list of fixes" which can be found at


Security Alert

Additional Information

This was reported as ZDI-CAN-678 by TippingPoint Corporation.   This vulnerability was discovered by: Stephen Fewer of Harmony Security.