Novell ZENworks Asset Management Arbitrary Files Disclosure Vulnerability
Last Update Date:
19 Oct 2012 09:55
Release Date:
19 Oct 2012
4880
Views
RISK: High Risk
TYPE: Operating Systems - Networks OS
A vulnerability has been identified in Novell ZENworks Asset Management. A remote user can view arbitrary files on the target system.
A remote user can use hard-coded credentials when invoking a maintenance function to read files on the target system with System privileges. The HandleMaintenanceCalls() function accepts a username of 'Ivanhoe' and password of 'Scott'.
Note: No vendor patch is available.
Impact
- Information Disclosure
System / Technologies affected
- Version 7.5
Solutions
- Note: No vendor patch is available.
Vulnerability Identifier
Source
Related Link
Share with