
Test ID: 1.3.6.1.4.1.25623.1.0.902928
Category: Web application abuses
Title: Novell ZENWorks Asset Management Information Disclosure Vulnerabilities
Summary: This host is running Novell ZENWorks Asset Management and is prone to information disclosure vulnerabilities.
Description:
Summary:
This host is running Novell ZENWorks Asset Management and is
prone to information disclosure vulnerabilities.

Vulnerability Insight:
The 'GetFile_Password()' and 'GetConfigInfo_Password()' methods
within the rtrlet component contain hard-coded credentials, which can be exploited to gain access
to the configuration file and to download arbitrary files by specifying an absolute path.

Vulnerability Impact:
Successful exploitation will allow remote attackers to obtain
sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.

Affected Software/OS:
Novell ZENworks Asset Management version 7.5

Solution:
Apply the patch from the referenced vendor link.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N

Cross-reference: BugTraq ID: 55933
Common Vulnerability Exposure (CVE) ID: CVE-2012-4933
CERT/CC vulnerability note: VU#332412
http://www.kb.cert.org/vuls/id/332412
https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks
http://www.securitytracker.com/id?1027682
XForce ISS Database: novell-zam-info-disclosure(79252)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79252
Copyright: Copyright (C) 2012 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.