First published: Sat Nov 02 2013(Updated: )
Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Micro Focus ZENworks Configuration Management | <=11.2.3 | |
Micro Focus ZENworks Configuration Management | =10.2 | |
Micro Focus ZENworks Configuration Management | =10.3 | |
Micro Focus ZENworks Configuration Management | =10.3.1 | |
Micro Focus ZENworks Configuration Management | =10.3.2 | |
Micro Focus ZENworks Configuration Management | =10.3.3 | |
Micro Focus ZENworks Configuration Management | =11 | |
Micro Focus ZENworks Configuration Management | =11-sp1 | |
Micro Focus ZENworks Configuration Management | =11.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-6346 is considered a high-severity cross-site request forgery (CSRF) vulnerability affecting Novell ZENworks Configuration Management.
To fix CVE-2013-6346, upgrade to Novell ZENworks Configuration Management version 11.2.4 or later.
CVE-2013-6346 affects versions of Novell ZENworks Configuration Management prior to 11.2.4 and includes several earlier versions from 10.2 to 11.
CVE-2013-6346 involves a cross-site request forgery (CSRF) attack that can hijack user authentication.
Attackers can exploit CVE-2013-6346 to perform unauthorized actions on behalf of victims by hijacking their authentication.