CVE-2012-4933

CWE-2553 documents3 sources

Severity

7.8HIGH

EPSS

77.0%

top 1.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Zenworks Asset Management

Timeline

PublishedOct 20

Latest updateMay 17

Description

The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDnovell/zenworks_asset_management7.5

🔴Vulnerability Details

GHSA

GHSA-w65x-2cwr-hcvq: The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7↗2022-05-17

▶

CVEList

CVE-2012-4933: The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7↗2012-10-20

▶