Vulnerabilities > Novell > Zenworks Configuration Management > 11.3.2

DATE CVE VULNERABILITY TITLE RISK
2016-02-18 CVE-2015-5970 Code Injection vulnerability in Novell Zenworks Configuration Management
The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference.
network
low complexity
novell CWE-94
5.3