CVE-2012-4933
Novell ZENworks Asset Management 7.5 Remote File Access
Public Exploits: 1
Exploited in Wild: -
Descriptions
The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.
Timeline
- 2012-09-17 CVE Reserved
- 2012-10-20 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-11-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-255: Credentials Management Errors
References (4)
URL | Tag | Source |
---|---|---|
http://www.kb.cert.org/vuls/id/332412 | Third Party Advisory | |
http://www.securitytracker.com/id?1027682 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/79252 | Vdb Entry | |
URL | Date | SRC |
---|---|---|
https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks | 2024-08-06 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Novell | Zenworks Asset Management | 7.5 | - | Affected |