CVE-2013-6346: CSRF
First published: Sat Nov 02 2013(Updated: )
Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Micro Focus ZENworks Configuration Management | <=11.2.3 | |
| Micro Focus ZENworks Configuration Management | =10.2 | |
| Micro Focus ZENworks Configuration Management | =10.3 | |
| Micro Focus ZENworks Configuration Management | =10.3.1 | |
| Micro Focus ZENworks Configuration Management | =10.3.2 | |
| Micro Focus ZENworks Configuration Management | =10.3.3 | |
| Micro Focus ZENworks Configuration Management | =11 | |
| Micro Focus ZENworks Configuration Management | =11-sp1 | |
| Micro Focus ZENworks Configuration Management | =11.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-6346?
CVE-2013-6346 is considered a high-severity cross-site request forgery (CSRF) vulnerability affecting Novell ZENworks Configuration Management.
How do I fix CVE-2013-6346?
To fix CVE-2013-6346, upgrade to Novell ZENworks Configuration Management version 11.2.4 or later.
What systems are affected by CVE-2013-6346?
CVE-2013-6346 affects versions of Novell ZENworks Configuration Management prior to 11.2.4 and includes several earlier versions from 10.2 to 11.
What type of attack does CVE-2013-6346 involve?
CVE-2013-6346 involves a cross-site request forgery (CSRF) attack that can hijack user authentication.
What can attackers achieve with CVE-2013-6346?
Attackers can exploit CVE-2013-6346 to perform unauthorized actions on behalf of victims by hijacking their authentication.
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/softwarecombine
- agent/tags
- vendor/novell
- canonical/novell zenworks configuration management
- version/novell zenworks configuration management/11.2.3
- version/novell zenworks configuration management/10.2
- version/novell zenworks configuration management/10.3
- version/novell zenworks configuration management/10.3.1
- version/novell zenworks configuration management/10.3.2
- version/novell zenworks configuration management/10.3.3
- version/novell zenworks configuration management/11
- version/novell zenworks configuration management/11-sp1
- version/novell zenworks configuration management/11.2