CVE-2012-4933

Name of the Vulnerable Software and Affected Versions Novell ZENworks Asset Management (ZAM) version 7.5

Description The issue concerns the rtrlet web application in the Web Console, where a hard-coded username and password are used for certain operations. Specifically, the GetFile Password and GetConfigInfo Password operations utilize the hard-coded credentials, allowing remote attackers to obtain sensitive information. This can be achieved by crafting a request for the HandleMaintenanceCalls function.

Recommendations For Novell ZENworks Asset Management (ZAM) version 7.5, consider changing the hard-coded username and password for the GetFile Password and GetConfigInfo Password operations to prevent unauthorized access. As a temporary workaround, restrict access to the HandleMaintenanceCalls function until a more secure solution is implemented.