CVE-2012-2223
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors.
El agente xplat de Novell ZENworks Configuration Management (ZCM) 10.3.x y anteriores a 10.3.4 y 11.x anteriores a 11.2 tienen habilitado el método HTTP TRACE, lo que facilita a atacantes remotos realizar ataques "cross-site tracing" (XST) a través de vectores sin especificar.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-04-11 CVE Reserved
- 2012-04-11 CVE Published
- 2024-08-06 CVE Updated
- 2024-10-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.novell.com/support/viewContent.do?externalId=7008244 | X_refsource_confirm | |
| http://www.novell.com/support/viewContent.do?externalId=7010044 | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74818 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.novell.com/support/viewContent.do?externalId=7010137 | 2017-12-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Novell Search vendor "Novell" | Zenworks Configuration Management Search vendor "Novell" for product "Zenworks Configuration Management" | 10.3 Search vendor "Novell" for product "Zenworks Configuration Management" and version "10.3" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Zenworks Configuration Management Search vendor "Novell" for product "Zenworks Configuration Management" | 10.3.1 Search vendor "Novell" for product "Zenworks Configuration Management" and version "10.3.1" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Zenworks Configuration Management Search vendor "Novell" for product "Zenworks Configuration Management" | 10.3.2 Search vendor "Novell" for product "Zenworks Configuration Management" and version "10.3.2" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Zenworks Configuration Management Search vendor "Novell" for product "Zenworks Configuration Management" | 10.3.3 Search vendor "Novell" for product "Zenworks Configuration Management" and version "10.3.3" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Zenworks Configuration Management Search vendor "Novell" for product "Zenworks Configuration Management" | 11 Search vendor "Novell" for product "Zenworks Configuration Management" and version "11" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Zenworks Configuration Management Search vendor "Novell" for product "Zenworks Configuration Management" | 11.1 Search vendor "Novell" for product "Zenworks Configuration Management" and version "11.1" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Zenworks Configuration Management Search vendor "Novell" for product "Zenworks Configuration Management" | 11.1a Search vendor "Novell" for product "Zenworks Configuration Management" and version "11.1a" | - |
Affected
| ||||||