Novell Forum TCL Command Injection Vulnerability
RISK: Medium Risk
A vulnerability has been reported in Novell Forum, which can be exploited by malicious people to to compromise a vulnerable system.
The vulnerability is caused due to an unspecified error when handling certain requests, which can be exploited to inject and execute TCL commands by modifying the URL.
The vulnerability is reported in versions 7.0, 7.1, 7.2, 7.3, and 8.0. Other versions may also be affected.
Impact
- Remote Code Execution
System / Technologies affected
- Novell Forum (formerly SiteScape Forum) 7.x
- Novell Forum (formerly SiteScape Forum) 8.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Apply patch:
http://download.novell.com/Download?buildid=6k-5X-UPnrM~
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with