This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote web server is running a configuration management
application affected by multiple vulnerabilities.
The version of Novell ZENworks Configuration Management installed on
the remote host can be tricked into disclosing any file readable by the
Novell ZENworks umaninv service, and as such it is affected by multiple
- A directory traversal vulnerability exists that allows
any file readable by the Novell ZENworks umaniv service
to be disclosed. (CVE-2013-1084)
- An unspecified flaw in the ZENworks Control Center page
that can result in an application exception with an
unspecified impact. (CVE-2013-6345)
- An unspecified cross site request forgery flaw in the
ZENworks Control Center page. (CVE-2013-6346)
- An unspecified cross frame scripting flaw in the
ZENworks Control Center page. (CVE-2013-6344)
- An unspecified session fixation flaw in the ZENworks
Control Center page. (CVE-2013-6347)
See also :
Update to Novell ZENworks 11.2.4 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 70726 ()
Bugtraq ID: 6343363499634986349763495
CVE ID: CVE-2013-1084CVE-2013-6344CVE-2013-6345CVE-2013-6346CVE-2013-6347
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.