Vulnerability Description
The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Zenworks Asset Management | 7.5 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/332412US Government Resource
- http://www.securitytracker.com/id?1027682
- https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79252
- http://www.kb.cert.org/vuls/id/332412US Government Resource
- http://www.securitytracker.com/id?1027682
- https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79252
FAQ
What is CVE-2012-4933?
CVE-2012-4933 is a vulnerability with a CVSS score of 7.8 (HIGH). The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2...
How severe is CVE-2012-4933?
CVE-2012-4933 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4933?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Zenworks Asset Management.