Novell ZENworks Control Center File Upload Remote Code Execution
Critical Nessus Plugin ID 65722
Synopsis
An application on the remote host is affected by a remote code execution vulnerability.

Description
The installed version of Novell ZENworks Control Center has a flaw with authentication checking on '/zenworks/jsp/index.jsp' that can allow a remote, unauthenticated attacker to upload arbitrary files and execute them with SYSTEM privileges.

Solution
Upgrade to ZENworks 11.2.2 and apply the interim fix, or apply 11.2.3a Monthly Update 1 for 11.2.3 installs.