Zenworks configuration management
This hub aggregates every CVE we track for Zenworks configuration management, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.
36
CVEs tracked
14
Critical
3
High
2
In CISA KEV
Severity distribution
MEDIUM19CRITICAL14HIGH3
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Zenworks configuration management.
- CVE-2021-22521A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploi...6.7
- CVE-2012-6345Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information.7.5
- CVE-2012-6344Novell ZENworks Configuration Management before 11.2.4 allows XSS.6.1
- CVE-2015-0785com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable.7.5
- CVE-2015-0783The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable.6.5
- CVE-2015-0782SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspeci...9.8
- CVE-2015-0780SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands v...9.8
- CVE-2015-0781Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspec...9.8
- CVE-2015-0784Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable.7.5
- CVE-2015-0786Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspec...9.8
- CVE-2015-5970The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malfor...5.3
- CVE-2015-0779Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted director...10.0
- CVE-2010-5324Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary c...10.0
- CVE-2010-5323Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary c...10.0
- CVE-2014-7169GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or po...KEV9.8
Product normalization is registry-driven with AI assist and human review. How it works