Advisory Details

February 11th, 2016

Novell Zenworks ChangePassword XPath Injection Information Disclosure Vulnerability

ZDI-16-167
ZDI-CAN-3136

CVE ID CVE-2015-5970
CVSS SCORE 5, (AV:N/AC:L/Au:N/C:P/I:N/A:N)
AFFECTED VENDORS Novell
AFFECTED PRODUCTS Zenworks
VULNERABILITY DETAILS


This vulnerability allows remote attackers to exfiltrate arbitrary text files on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the ChangePassword RPC method. By providing a malformed query, an attacker can combine a system entity reference with an XPath injection vulnerability to exfiltrate arbitrary text files from the system.

ADDITIONAL DETAILS Novell has issued an update to correct this vulnerability. More details can be found at:
https://www.novell.com/support/kb/doc.php?id=7017240
DISCLOSURE TIMELINE
  • 2015-09-17 - Vulnerability reported to vendor
  • 2016-02-11 - Coordinated public release of advisory
CREDIT cpnrodzc7
BACK TO ADVISORIES