Novell ZENworks Configuration Management < 11.2.3a Monthly Update 1 Multiple Vulnerabilities (credentialed check)

Medium Nessus Plugin ID 66913


The remote host has an application that is affected by multiple vulnerabilities.


The remote host has a version of Novell ZENworks Configuration Management installed prior to 11.2.3a Monthly Update 1. It is, therefore, affected by the following vulnerabilities:

- An open redirect vulnerability exists on the ZENworks Control Center login page due to improper validation of the 'fwdToURL' parameter. (CVE-2013-1093)

- The ZENworks Control Center Login.jsp script is affected by a cross-site scripting vulnerability that exists due to improper validation on the 'language' parameter.

- A cross-site scripting vulnerability exists due to improper validation of input when handling 'onError' events. (CVE-2013-1095)

- A cross-site scripting vulnerability exists due to improper validation of input when handling frame tag 'onload' events. (CVE-2013-1097)


Upgrade to Novell ZENworks 11.2.3a Monthly Update 1 or later.

See Also

Plugin Details

Severity: Medium

ID: 66913

File Name: novell_zcm_11_2_3_a_mu1.nasl

Version: $Revision: 1.2 $

Type: remote

Agent: windows

Family: Windows

Published: 2013/06/18

Modified: 2015/02/11

Dependencies: 58445

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:novell:zenworks_configuration_management

Required KB Items: SMB/Novell/ZENworks/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/06/03

Vulnerability Publication Date: 2013/06/04

Reference Information

CVE: CVE-2013-1093, CVE-2013-1094, CVE-2013-1095, CVE-2013-1097

BID: 60318, 60319, 60320, 60322

OSVDB: 93874, 93875, 93876, 93877

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990