Skip to main content

Novell ZENworks Asset Management Arbitrary Files Disclosure Vulnerability

Last Update Date: 19 Oct 2012 09:55 Release Date: 19 Oct 2012 4880 Views

RISK: High Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

A vulnerability has been identified in Novell ZENworks Asset Management. A remote user can view arbitrary files on the target system.

 

A remote user can use hard-coded credentials when invoking a maintenance function to read files on the target system with System privileges. The HandleMaintenanceCalls() function accepts a username of 'Ivanhoe' and password of 'Scott'.

 

Note: No vendor patch is available.


Impact

  • Information Disclosure

System / Technologies affected

  •  Version 7.5

Solutions

  • Note: No vendor patch is available.

Vulnerability Identifier


Source


Related Link