Lucene search

[email protected]CVE-2011-5028

HistoryDec 29, 2011 - 10:55 p.m.

CVE-2011-5028

2011-12-2922:55:01

CWE-22

[email protected]

web.nvd.nist.gov

novell

sentinel

log manager

cve-2011-5028

nvd

directory traversal

vulnerability

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.7%

JSON

Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a … (dot dot) in the filename parameter.

Affected configurations

NVD

Node

novellsentinel_log_managerRange≤1.2.0.1_938

CPENameOperatorVersion
novell:sentinel_log_managernovell sentinel log managerle1.2.0.1_938

CPE	Name	Operator	Version
novell:sentinel_log_manager	novell sentinel log manager	le	1.2.0.1_938

References

archives.neohapsis.com/archives/fulldisclosure/2011-12/0368.html

osvdb.org/77948

secunia.com/advisories/47258

secunia.com/advisories/48760

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5138757.html

www.securitytracker.com/id?1026437

exchange.xforce.ibmcloud.com/vulnerabilities/71861

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.7%

JSON

Related for CVE-2011-5028

nvd1 cvelist1 exploitpack1 prion1 exploitdb1