Release date:
Updated on:
Affected Systems:
Novell ZENworks Asset Management 7.x
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2012-4933
ZENworks is a set of tools used to automate IT management and business processes across resources within an organization.
Novell ZENworks Asset Management 7.5 and other versions have security vulnerabilities that can be exploited to leak sensitive information.
1) The "GetFile_Password()" method in the rtrlet component has a hard-coded credential. By specifying an absolute path, attackers can download arbitrary files.
2) The "GetConfigInfo_Password()" method in the rtrlet component has a hard-coded credential and can be used to access the configuration file.
<* Source: Juan Vazquez
Link: http://secunia.com/advisories/50967/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Novell
------
The vendor currently provides no patch or upgrade for these issues. Users of the software should monitor the vendor's security page to obtain the latest version:
http://support.novell.com/security-alerts