This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote ZENworks server is affected by an information disclosure
The remote Novell ZENWworks Configuration Management (ZCM) server is
affected by an information disclosure vulnerability in the
ChangePassword RPC implementation that is triggered when handling
malformed queries involving a system entity reference. An
unauthenticated, remote attacker can exploit this, via XPath
injection, to read arbitrary text files.
See also :
Apply the patch provided by Micro Focus.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true