Novell ZENworks umaninv Information Disclosure Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the unmaninv web service. The issue lies in the failure to user-supplied sanitize input when returning the contents of a file. An attacker can leverage this vulnerability to retrieve credentials which can then be leveraged to execute code under the context of SYSTEM.