CVE-2015-5970 - Vulnerability Details - OpenCVE

The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Novell	Zenworks Configuration Management

Configuration 1 [-]

OR	cpe:2.3:a:novell:zenworks_configuration_management:11.3.0:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:11.3.1:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:11.3.2:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:11.4.0:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:11.4.1:::::::*

No data.

References

Link	Providers
http://www.zerodayinitiative.com/advisories/ZDI-16-167
https://www.novell.com/support/kb/doc.php?id=7017240

History

No history.

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2016-02-18T22:00:00

Updated: 2024-08-06T07:06:34.937Z

Reserved: 2015-08-12T00:00:00

Link: CVE-2015-5970

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-02-18T22:59:00.107

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-5970

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-02-09T00:00:00", "descriptions": [{"lang": "en", "value": "The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:38", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-167"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.novell.com/support/kb/doc.php?id=7017240"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2015-5970", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-167", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-167"}, {"name": "https://www.novell.com/support/kb/doc.php?id=7017240", "refsource": "CONFIRM", "url": "https://www.novell.com/support/kb/doc.php?id=7017240"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:06:34.937Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-167"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.novell.com/support/kb/doc.php?id=7017240"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2015-5970", "datePublished": "2016-02-18T22:00:00", "dateReserved": "2015-08-12T00:00:00", "dateUpdated": "2024-08-06T07:06:34.937Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A7788E5-93B9-4149-8823-2ACBA5CF17E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5043F87D-E773-4998-836B-ED4863643C32", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C6841C94-55E0-497A-9E8C-E819947A4E7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBE0D973-C4D7-4626-BC9C-7833A6EE0D50", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D86763D-9B42-49DE-96FC-D3267B26F006", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference."}, {"lang": "es", "value": "El m\u00e9todo ChangePassword RPC en Novell ZENworks Configuration Management (ZCM) 11.3 y 11.4 permite a atacantes remotos llevar a cabo ataques de inyecci\u00f3n XPath, y leer archivos de texto arbitrarios, a trav\u00e9s de una consulta mal formada que implica una referencia a una entidad del sistema."}], "id": "CVE-2015-5970", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-18T22:59:00.107", "references": [{"source": "security@opentext.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-167"}, {"source": "security@opentext.com", "url": "https://www.novell.com/support/kb/doc.php?id=7017240"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-167"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.novell.com/support/kb/doc.php?id=7017240"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}