CVE-2012-4933 - The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a h

CVE-2012-4933

Summary

The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.

References

Vulnerable Configurations

cpe:2.3:a:novell:zenworks_asset_management:7.5:*:*:*:*:*:*:*
cpe:2.3:a:novell:zenworks_asset_management:7.5:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 29-08-2017 - 01:32)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:N/A:N

refmap via4

cert-vn	VU#332412
misc	https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks
sectrack	1027682
xf	novell-zam-info-disclosure(79252)

Last major update

29-08-2017 - 01:32

Published

20-10-2012 - 18:55

Last modified

29-08-2017 - 01:32