XPath Injection Vulnerability in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4
CVE-2015-5970 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference.
Learn more about our Web Application Penetration Testing UK.