Summary
The host is installed with Novell ZENworks Mobile Management is prone to directory traversal vulnerability.
Impact
Successful exploitation will let the attackers to disclose the contents of any file on the system via directory traversal sequences.
Impact Level: Application
Solution
Upgrade to version 2.7.1 or later,
For updates refer to http://www.novell.com
Insight
Input passed via the 'language' parameter to DUSAP.php is not properly verified before being used to include files.
Affected
Novell ZENworks Mobile Management version before 2.7.1
References
Severity
Classification
-
CVE CVE-2013-1082 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
- Apache Tomcat AJP Protocol Security Bypass Vulnerability
- Allegro RomPager `Misfortune Cookie` Vulnerability
- Apple Safari RSS Feed Information Disclosure Vulnerability
- Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability