First published: Sat Nov 02 2013(Updated: )
Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Micro Focus ZENworks Configuration Management | <=11.2.3 | |
Micro Focus ZENworks Configuration Management | =10.2 | |
Micro Focus ZENworks Configuration Management | =10.3 | |
Micro Focus ZENworks Configuration Management | =10.3.1 | |
Micro Focus ZENworks Configuration Management | =10.3.2 | |
Micro Focus ZENworks Configuration Management | =10.3.3 | |
Micro Focus ZENworks Configuration Management | =11 | |
Micro Focus ZENworks Configuration Management | =11-sp1 | |
Micro Focus ZENworks Configuration Management | =11.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-6347 has a high severity rating due to its potential to allow remote attackers to hijack web sessions.
To fix CVE-2013-6347, you should upgrade your Novell ZENworks Configuration Management to version 11.2.4 or later.
CVE-2013-6347 affects Novell ZENworks Configuration Management versions prior to 11.2.4, including 10.2, 10.3, and earlier 11.x versions.
CVE-2013-6347 is classified as a session fixation vulnerability.
Yes, CVE-2013-6347 can be exploited remotely, allowing attackers to hijack active web sessions.