CVE-2013-6347

Published Nov 2, 2013

Last updated 11 years ago

Overview

Description: Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:novell:zenworks_configuration_management:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E1660F7-1DBD-4357-BEC0-5354B0E3F0AA",
            "versionEndIncluding": "11.2.3"
          },
          {
            "criteria": "cpe:2.3:a:novell:zenworks_configuration_management:10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BCFE6AD-E242-4306-8DEB-7023F48BC1D3"
          },
          {
            "criteria": "cpe:2.3:a:novell:zenworks_configuration_management:10.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0ABC25E5-76CD-469B-879A-B1F7109D0181"
          },
          {
            "criteria": "cpe:2.3:a:novell:zenworks_configuration_management:10.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "556F4B13-4C98-41D6-A2A4-138780C206CD"
          },
          {
            "criteria": "cpe:2.3:a:novell:zenworks_configuration_management:10.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F4C1F2D-D479-4353-8E95-A1326783CEBB"
          },
          {
            "criteria": "cpe:2.3:a:novell:zenworks_configuration_management:10.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44E12A11-E11B-4330-A94E-7F40BE3ECFD3"
          },
          {
            "criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98942F6C-330F-459A-B2B4-72572DB4070E"
          },
          {
            "criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A93DBC3-5C82-4396-B3D0-F32B219E2DE0"
          },
          {
            "criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C0BAB94-6521-4B57-9E56-A57BA5E20C24"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References