RSS   Vulnerabilities for 'Sentinel'   RSS

2018-03-07
 
CVE-2018-7675

CWE-200
 

 
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing.

 
2016-07-31
 
CVE-2016-1605

 

 
Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field.

 
2014-05-20
 
CVE-2014-3460

CWE-22
 

 
Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.

 

 >>> Vendor: Netiq 15 Products
Pssecure
Edirectory
Privileged user manager
Sentinel
Sentinel agent manager
Security manager
Access manager
Security solutions for iseries
Self service password reset
Access governance suite
Sentinel server
Imanager
Privileged account manager
Identity manager
Identity reporting


Copyright 2019, cxsecurity.com

 

Back to Top