Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6534

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-6534
Last Modified 04 Apr 2013 12:00:00
Published 29 Mar 2013 12:08:58
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6534

Summary

Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results "Save Query As" "Save As Retention Policy" action.

Vulnerable Systems

Application

  • Novell Sentinel Log Manager 1.0.0.4

  • Novell Sentinel Log Manager 1.0.0.5

  • Novell Sentinel Log Manager 1.1.0.0

  • Novell Sentinel Log Manager 1.1.0.1

  • Novell Sentinel Log Manager 1.1.0.2

  • Novell Sentinel Log Manager 1.2

  • Novell Sentinel Log Manager 1.2.0.1

  • Novell Sentinel Log Manager 1.2.0.2


References

CONFIRM - https://www.netiq.com/documentation/novelllogmanager12/readme/data/log_manager1203_readme.html

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=771634

CONFIRM - http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5150932.html

FULLDISC - 20121003 Novell Sentinel Log Manager <= 1.2.0.2 retention policy vulnerability


Last Updated: 27 May 2016 11:02:08