FastPatch for (a) PatchLink Update Server (PLUS) prior to 6.1 P1 and 6.2.x prior to 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and previous versions, does not require authentication for dagent/proxyreg.asp, which allows remote malicious users to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lumension patchlink update server 6.2.0.189 |
||
novell zenworks |
||
lumension patchlink update server 6.1 |
||
lumension patchlink update server 6.2.0.181 |