CVE-2010-0284

Name: CVE-2010-0284
Creator: NVD / NIST
Published: 2010-06-18T16:30:01.313+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 6.38%

Last modified Jun 16, 2026

CVE-2010-0284 is a vulnerability of currently unknown severity. Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.. EPSS estimates a 6.38% chance of exploitation in the next 30 days.

Description

Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.

Metrics

EPSS Probability

6.38%

92.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-22

Affected Software

Vendor	Product	Versions
Novell	Access Manager	3.1

References

Timeline

Published: Jun 18, 2010
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-0284?

How severe is CVE-2010-0284?

Severity scoring for CVE-2010-0284 is pending analysis. The EPSS model estimates a 6.38% probability of exploitation in the next 30 days.

How do I fix CVE-2010-0284?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-0284?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST