4 matches found
CVE-2015-0784
Rtrlet.class in Novell ZENworks Configuration Management ZCM allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable...
CVE-2015-0784
This CVE affects Novell ZENworks Configuration Management (ZCM). The vulnerability is in Rtrlet.class, where a remote attacker can obtain Session IDs of logged-in users by sending a POST request with the maintenance variable set to ShowLogins. The issue is an information-disclosure flaw; exploita...
Novell ZENworks Configuration Management Session ID Information Disclosure (CVE-2015-0784)
An information disclosure vulnerability exists in Novell ZENworks Configuration Management. The vulnerability is due to exposure of insecure functionality within Rtrlet.class. A remote unauthenticated attacker can leverage this vulnerability to disclosure Session IDs of the logged in users which...
Novell Zenworks Rtrlet.class Session ID Disclosure Vulnerability
This vulnerability allows attackers to disclose Session ID's of logged in users on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability. The specific flaw exists within Rtrlet.class. By sending a POST request with the maintenance variable set...