[原文]Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One.
Novell ZENworks Console One Remote-Diagnostics Access
Remote / Network Access
Loss of Confidentiality
Novell ZENworks for Servers contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote authenticated but unprivileged user is accessing Console One, which will allow access to Remote Diagnostic features resulting in a loss of confidentiality.
Upgrade to Novell ZENworks for Servers version 3.0.2 IR4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.