Penetration Testing UK

CVE-2015-5970

CVE-2015-5970

Severity Score

5.0

Access Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

Summary

The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference.

Learn more about our Penetration Testing services.