Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.902928 |
Kategorie: | Web application abuses |
Titel: | Novell ZENWorks Asset Management Information Disclosure Vulnerabilities |
Zusammenfassung: | This host is running Novell ZENWorks Asset Management and is; prone to information disclosure vulnerabilities. |
Beschreibung: | Summary: This host is running Novell ZENWorks Asset Management and is prone to information disclosure vulnerabilities. Vulnerability Insight: The 'GetFile_Password()' and 'GetConfigInfo_Password()' method within the rtrlet component contains hard coded credentials and can be exploited to gain access to the configuration file and download arbitrary files by specifying an absolute path. Vulnerability Impact: Successful exploitation will allow remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function. Affected Software/OS: Novell ZENworks Asset Management version 7.5 Solution: Apply the patch from the referenced vendor link. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N |
Querverweis: |
BugTraq ID: 55933 Common Vulnerability Exposure (CVE) ID: CVE-2012-4933 CERT/CC vulnerability note: VU#332412 http://www.kb.cert.org/vuls/id/332412 https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks http://www.securitytracker.com/id?1027682 XForce ISS Database: novell-zam-info-disclosure(79252) https://exchange.xforce.ibmcloud.com/vulnerabilities/79252 |
Copyright | Copyright (C) 2012 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |