Short Name | HTTP:SQL:NOVEL-ZENWORKS |
---|---|
Severity | Major |
Recommended | Yes |
Recommended Action | Drop |
Category | HTTP |
Keywords | Novell ZENworks Configuration Management schedule.ScheduleQuery SQL Injection |
Release Date | 2015/06/29 |
Update Number | 2511 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

An SQL injection vulnerability exists in ZENworks Configuration Management. The vulnerability is due to insufficient sanitization of a request parameter in the run method of the ScheduleQuery class before the parameter is used in SQL queries. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted message to a target server to execute arbitrary SQL code. This signature detects attempts to exploit a known vulnerability against ZENworks Configuration Management. A successful exploit can lead to arbitrary SQL code execution.

SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.