RULE(RULE ID:315382)

Rule General Information
Release Date: 2019-05-20
Rule Name: Novell Zenworks Configuration Management File Upload Vulnerability -2 (CVE-2013-1080)
Rule Protection Details
Description: The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
Impact: An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software.
Affected OS: Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others
Reference: ExploitDB:24938
The vendors have released upgrade patches to fix vulnerabilities, please visit: