Novell ZENworks ChangePassword RPC XPath Injection
Medium Nessus Plugin ID 88982
Synopsis
The remote ZENworks server is affected by an information disclosure vulnerability.

Description
The remote Novell ZENworks Configuration Management (ZCM) server is affected by an information disclosure vulnerability in the ChangePassword RPC implementation that is triggered when handling malformed queries involving a system entity reference. An unauthenticated, remote attacker can exploit this, via XPath injection, to read arbitrary text files.

Solution
Apply the patch provided by Micro Focus.