CVE-2015-0782
Novell Zenworks schedule.ScheduleQuery SQL Injection Remote Code Execution Vulnerability
Exploited in Wild: 0
Decision: -
Descriptions
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ScheduleQuery method of the schedule class. The issue lies in the failure to sanitize user-supplied input prior to executing a SQL statement. An attacker could leverage this vulnerability to execute code under the context of the database.
SSVC
- Decision: -
Timeline
- 2015-01-07 CVE Reserved
- 2015-04-22 CVE Published
- 2024-08-06 CVE Updated
- 2024-11-09 EPSS Updated
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
References (3)
URL | Tag |
---|---|
http://www.securityfocus.com/bid/72808 | Vdb Entry |
http://www.zerodayinitiative.com/advisories/ZDI-15-148 | X_refsource_misc |
https://www.novell.com/support/kb/doc.php?id=7016431 | X_refsource_confirm |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Novell | Zenworks Configuration Management | - | - | Affected |