CVE-2012-2223

EUVD-2012-2217
The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
novellzenworks_configuration_management
10.3
novellzenworks_configuration_management
10.3.1
novellzenworks_configuration_management
10.3.2
novellzenworks_configuration_management
10.3.3
novellzenworks_configuration_management
11.1
novellzenworks_configuration_management
11.1a:a
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.novell.com/support/viewContent.do?externalId=7008244
http://www.novell.com/support/viewContent.do?externalId=7010044
http://www.novell.com/support/viewContent.do?externalId=7010137
https://exchange.xforce.ibmcloud.com/vulnerabilities/74818
http://www.novell.com/support/viewContent.do?externalId=7008244
http://www.novell.com/support/viewContent.do?externalId=7010044
http://www.novell.com/support/viewContent.do?externalId=7010137
https://exchange.xforce.ibmcloud.com/vulnerabilities/74818