This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote web server is running a configuration management
application affected by multiple vulnerabilities.
The version of Novell ZENworks Configuration Management installed on
the remote host can be tricked into disclosing any file readable by the
Novell ZENworks umaninv service, and as such it is affected by multiple
- A directory traversal vulnerability exists that allows
any file readable by the Novell ZENworks umaniv service
to be disclosed. (CVE-2013-1084)
- An unspecified flaw in the ZENworks Control Center page
that can result in an application exception with an
unspecified impact. (CVE-2013-6345)
- An unspecified cross site request forgery flaw in the
ZENworks Control Center page. (CVE-2013-6346)
- An unspecified cross frame scripting flaw in the
ZENworks Control Center page. (CVE-2013-6344)
- An unspecified session fixation flaw in the ZENworks
Control Center page. (CVE-2013-6347)
See also :
Update to Novell ZENworks 11.2.4 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true