CVE-2015-0783
Novell Zenworks FileViewer Information Disclosure Vulnerability
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable.
La clase FileViewer en ZENworks Configuration Management (ZCM) de Novell permite que usuarios remotos autenticados lean archivos arbitrarios mediante la variable filename.
This vulnerability allows attackers to obtain sensitive information on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability.
The specific flaw exists within the FileViewer class. The issue lies in the failure to sanitize the "filename" variable. The attacker can leverage this to read files remotely.
*Credits:
Anonymous
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-01-07 CVE Reserved
- 2015-04-22 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1032166 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-150 | X_refsource_misc |
|
| https://www.novell.com/support/kb/doc.php?id=7016431 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Novell Search vendor "Novell" | Zenworks Configuration Management Search vendor "Novell" for product "Zenworks Configuration Management" | - | - |
Affected
| ||||||