CVE-2015-0785

Published: Aug 9, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable.

Affected (1)

Products: Novell: Zenworks Configuration Management

Novell

1 product

Zenworks Configuration Management

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Novell Zenworks Configuration Management	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/bid/74288

Source: security@opentext.com

http://www.zerodayinitiative.com/advisories/ZDI-15-152

Source: security@opentext.com

https://www.novell.com/support/kb/doc.php?id=7016431

Source: security@opentext.com

http://www.securityfocus.com/bid/74288

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-15-152

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.novell.com/support/kb/doc.php?id=7016431

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.