CVE-2015-0784

Published: Aug 9, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable.

Affected (1)

Products: Novell: Zenworks Configuration Management

Novell

1 product

Zenworks Configuration Management

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Novell Zenworks Configuration Management	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://www.securityfocus.com/bid/74289

Source: security@opentext.com

http://www.securitytracker.com/id/1032166

Source: security@opentext.com

http://www.zerodayinitiative.com/advisories/ZDI-15-149

Source: security@opentext.com

https://www.novell.com/support/kb/doc.php?id=7016431

Source: security@opentext.com

http://www.securityfocus.com/bid/74289

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032166

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-15-149

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.novell.com/support/kb/doc.php?id=7016431

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.