Novell » Sentinel Log Manager : Security Vulnerabilities, CVEs,
Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results "Save Query As" "Save As Retention Policy" action.
Max CVSS
4.3
EPSS Score
7.10%
Published
2013-03-29
Updated
2017-10-05
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
Max CVSS
4.0
EPSS Score
1.44%
Published
2011-12-29
Updated
2017-08-29
2 vulnerabilities found