Information Disclosure Vulnerability in Novell ZENworks Asset Management
CVE-2012-4933

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks Asset Management
Vendor: CVE Published:; 20 October 2012

Summary

The rtrlet web application within Novell ZENworks Asset Management 7.5 features hard-coded credentials that can be exploited by attackers to gain unauthorized access. Specifically, a hard-coded username 'Ivanhoe' and a password 'Scott' are used for the operations GetFile_Password and GetConfigInfo_Password. This flaw allows a remote attacker to manipulate requests directed at the HandleMaintenanceCalls function, potentially exposing sensitive information. Organizations using this product should take immediate action to secure their systems and review access controls.

References

http://www.securitytracker.com/id?1027682

vdb-entryx_refsource_SECTRACK

https://community.rapid7.com/community/metasploit/blog/20...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/79252

vdb-entryx_refsource_XF

EPSS Score

80% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 20, 2012
Vulnerability Reserved
Sep 17, 2012