Summary
The host is running Novell Sentinel Log Manager and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow attackers to bypass certain security restrictions.
Impact Level: Application
Solution
Apply the patch or upgrade to 1.2.0.3 or later:
https://www.netiq.com/products/sentinel-log-manager/
Insight
The flaw is due to an error when saving a retention policy and can be exploited by a report administrator (read-only role) to create new policies.
Affected
Novell Sentinel Log Manager version 1.2.0.2 and prior
References
Severity
Classification
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P