Application Exception - [OWASP 2010 A 6] vulnerability found on ZCC page

  • 7012763
  • 02-Jul-2013
  • 16-Jan-2014

Environment

Novell ZENworks Configuration Management 11.2.3

Situation

An attacker might gain administrative control of your web application by using vulnerabilities known to be in the servers or server-side technologies used.

Resolution

This is fixed in version 11.2.4 - see KB 7012027 "ZENworks Configuration Management 11.2.4 - update information and list of fixes" which can be found at https://support.microfocus.com/kb/doc.php?id=7012027

How it was fixed: the stack trace that was previously rendered in the ZCC page is no longer shown to the user; it is written to the ZCC.log file instead. ZCC now displays only a generic error message that refers the administrator to zcc.log for the details.


Cause

Application Exceptions are vulnerabilities where unexpected inputs can trigger inappropriate exceptions, or error responses disclosing implementation information, such as a stack trace. The SmartAttack sends various unusual inputs and looks for text in responses evidencing poor error handling.
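As an added illustration of both the fix described under Resolution and the response check described under Cause (example code, not ZENworks code), the Python below places the vulnerable page-handler pattern beside the corrected one and adds a scanner-style check that flags stack-trace text in a response body. The detector goes beyond the Python exception raised here and also matches Java frame lines of the kind a Tomcat-hosted console would emit; the handler names, the failing action and the in-memory stand-in for ZCC.log are all constructed for this example.

```python
import logging
import re
import traceback
import uuid
from io import StringIO

# Constructed stand-in for ZCC.log: the real product writes to a file on the server.
LOG_STREAM = StringIO()
log = logging.getLogger("zcc_example")
log.propagate = False
log.setLevel(logging.ERROR)
log.addHandler(logging.StreamHandler(LOG_STREAM))

# Text a scanner looks for when reporting an Application Exception finding:
# stack-frame lines and framework exception names that leaked into the page.
TRACE_PATTERNS = [
    re.compile(r"\bat [\w$.]+\([\w$]+\.java:\d+\)"),                     # Java frames
    re.compile(r"\b(?:java\.lang\.|javax\.|org\.apache\.)\w+(?:Exception|Error)\b"),
    re.compile(r"Traceback \(most recent call last\)"),                   # Python trace
    re.compile(r'File "[^"]+", line \d+'),                                # Python frames
]

def discloses_trace(body: str) -> bool:
    """True if a response body contains stack-trace or exception-name text."""
    return any(p.search(body) for p in TRACE_PATTERNS)

def render_page_before_fix(action) -> str:
    """Vulnerable pattern (as in 11.2.3): the trace is rendered into the page."""
    try:
        return action()
    except Exception:
        return "<pre>" + traceback.format_exc() + "</pre>"

def render_page_after_fix(action) -> str:
    """Fixed pattern (as in 11.2.4): the trace goes to the log and the user
    sees only a generic message with a reference an admin can find in zcc.log."""
    try:
        return action()
    except Exception:
        ref = uuid.uuid4().hex[:8]
        log.error("ZCC error %s\n%s", ref, traceback.format_exc())
        return f"<p>An unexpected error occurred (ref {ref}). See zcc.log.</p>"

def failing_action() -> str:
    # Constructed: simulates a backend call that fails on unexpected input.
    raise ValueError("unexpected device id")
```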

Status

Security Alert

Additional Information

Assigned CVE-2013-6345

It may also be possible to gain remote access to restricted information by exploiting some vulnerability in the application. An Application Exception vulnerability helps an attacker formulate the correct attack based on the information disclosed in the error message. Such a message may also reveal details of the server deployment, such as the database server or server-side technology in use.