Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4933

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2012-4933
Last Modified 13 Feb 2013 11:57:19
Published 20 Oct 2012 02:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4933

Summary

The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.

Vulnerable Systems

Application

  • Novell Zenworks Asset Management 7.5


References

CERT-VN - VU#332412

MISC - https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks

XF - novell-zam-info-disclosure(79252)

SECTRACK - 1027682


Last Updated: 27 May 2016 10:53:38