CVE-2013-1081

Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.novell.com/support/kb/doc.php?id=7011895
http://www.novell.com/support/kb/doc.php?id=7011895

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:novell:zenworks_mobile_management:2.6.1:::::::*
	cpe:2.3:a:novell:zenworks_mobile_management:2.7.0:::::::*

History

21 Nov 2024, 01:48

Type	Values Removed	Values Added
References	~~() http://www.novell.com/support/kb/doc.php?id=7011895 -~~	() http://www.novell.com/support/kb/doc.php?id=7011895 -

Information

Published : 2013-03-11 21:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-1081

Mitre link : CVE-2013-1081

CVE.ORG link : CVE-2013-1081

JSON object : View

Products Affected

novell

zenworks_mobile_management

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2013-1081", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-03-11T21:55:02.443", "references": [{"url": "http://www.novell.com/support/kb/doc.php?id=7011895", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/support/kb/doc.php?id=7011895", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en MDM.php en Novell ZENworks Mobile Management (ZMM) v2.6.1 y v2.7.0 permite a atacantes remotos a\u00f1adir y ejecutar archivos locales de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"languaje\"."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:novell:zenworks_mobile_management:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D230D51A-0445-4F4E-B6E8-F2EB9F153168"}, {"criteria": "cpe:2.3:a:novell:zenworks_mobile_management:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B05D9FA-814E-4E18-AFA0-E54C7DC1413C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10