This host is running Novell ZENWorks Asset Management and is prone to information disclosure vulnerabilities.

Successful exploitation will allow remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function. Impact Level: Application

Apply the patch from the below link or update to latest version, For patch refer to http://download.novell.com/Download?buildid=yse-osBjxeo~ For updates refer to http://www.novell.com/products/zenworks/assetmanagement ***** NOTE: Ignore this warning if above mentioned patch is installed. *****

The 'GetFile_Password()' and 'GetConfigInfo_Password()' method within the rtrlet component contains hard coded credentials and can be exploited to gain access to the configuration file and download arbitrary files by specifying an absolute path.

Novell ZENworks Asset Management version 7.5

• http://secunia.com/advisories/50967/
• http://securitytracker.com/id?1027682
• http://www.kb.cert.org/vuls/id/332412
• http://www.osvdb.org/show/osvdb/86410
• https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks

---

Updated on 2015-03-25