Novell ZENworks Configuration Management < 11.2.4 Multiple Vulnerabilities
Critical Nessus Plugin ID 70726
SynopsisThe remote web server is running a configuration management application affected by multiple vulnerabilities.
DescriptionThe version of Novell ZENworks Configuration Management installed on the remote host can be tricked into disclosing any file readable by the Novell ZENworks umaninv service, and as such it is affected by multiple vulnerabilities :
- A directory traversal vulnerability exists that allows any file readable by the Novell ZENworks umaniv service to be disclosed. (CVE-2013-1084)
- An unspecified flaw in the ZENworks Control Center page that can result in an application exception with an unspecified impact. (CVE-2013-6345)
- An unspecified cross site request forgery flaw in the ZENworks Control Center page. (CVE-2013-6346)
- An unspecified cross frame scripting flaw in the ZENworks Control Center page. (CVE-2013-6344)
- An unspecified session fixation flaw in the ZENworks Control Center page. (CVE-2013-6347)
SolutionUpdate to Novell ZENworks 11.2.4 or later.