XPath Injection Vulnerability in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4

XPath Injection Vulnerability in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4

CVE-2015-5970 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference.

Learn more about our Web Application Penetration Testing UK.