CVE-2012-6534

2013-03-2916:08:58

CWE-264

[email protected]

web.nvd.nist.gov

novell

sentinel log manager

cve-2012-6534

data retention policy

remote attackers

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.049 Low

EPSS

Percentile

92.8%

JSON

Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results “Save Query As” “Save As Retention Policy” action.

Affected configurations

NVD

Node

novellsentinel_log_managerRange≤1.2.0.2

novellsentinel_log_managerMatch1.0.0.4

novellsentinel_log_managerMatch1.0.0.5

novellsentinel_log_managerMatch1.1.0.0

novellsentinel_log_managerMatch1.1.0.1

novellsentinel_log_managerMatch1.1.0.2

novellsentinel_log_managerMatch1.2

novellsentinel_log_managerMatch1.2.0.1

CPENameOperatorVersion
novell:sentinel_log_managernovell sentinel log managerle1.2.0.2
novell:sentinel_log_managernovell sentinel log managereq1.0.0.4
novell:sentinel_log_managernovell sentinel log managereq1.0.0.5
novell:sentinel_log_managernovell sentinel log managereq1.1.0.0
novell:sentinel_log_managernovell sentinel log managereq1.1.0.1
novell:sentinel_log_managernovell sentinel log managereq1.1.0.2
novell:sentinel_log_managernovell sentinel log managereq1.2
novell:sentinel_log_managernovell sentinel log managereq1.2.0.1

CPE	Name	Operator	Version
novell:sentinel_log_manager	novell sentinel log manager	le	1.2.0.2
novell:sentinel_log_manager	novell sentinel log manager	eq	1.0.0.4
novell:sentinel_log_manager	novell sentinel log manager	eq	1.0.0.5
novell:sentinel_log_manager	novell sentinel log manager	eq	1.1.0.0
novell:sentinel_log_manager	novell sentinel log manager	eq	1.1.0.1
novell:sentinel_log_manager	novell sentinel log manager	eq	1.1.0.2
novell:sentinel_log_manager	novell sentinel log manager	eq	1.2
novell:sentinel_log_manager	novell sentinel log manager	eq	1.2.0.1