- Description
- Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-22
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:10.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4BCFE6AD-E242-4306-8DEB-7023F48BC1D3"
},
{
"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:10.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0ABC25E5-76CD-469B-879A-B1F7109D0181"
},
{
"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A93DBC3-5C82-4396-B3D0-F32B219E2DE0"
}
],
"operator": "OR"
}
]
}
]