4 matches found

Check Point Advisories
added 2016/09/18 12:0 a.m. | 7 views

Micro Focus NetIQ Sentinel Server SentinelContext Authentication Bypass (CVE-2016-1605)

The vulnerability is due to a flaw in the SentinelContext Java class that allows a user to retrieve a valid authentication cookie from the vulnerable server by providing the "admin" user name in an HTTP request. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP...

CVSS 6.8 | AI score 1.6 | EPSS 0.03811
Exploits: 0
Check Point Advisories
added 2016/09/15 12:0 a.m. | 5 views

Micro Focus NetIQ Sentinel Server ReportViewServlet Directory Traversal (CVE-2016-1605)

The vulnerability is due to insufficient validation of the fileName parameter within the ReportViewServlet servlet. A remote, authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation allows the attacker to read the content ...

CVSS 6.8 | AI score 2.2 | EPSS 0.03811
Exploits: 0
OpenVAS
added 2016/08/03 12:0 a.m. | 15 views

NetIQ Sentinel Server Authentication Bypass and Arbitrary File Download

A vulnerability was discovered in NetIQ Sentinel Server that may allow remote attackers to disclose arbitrary file contents. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

CVSS 6.8 | AI score 6.5 | EPSS 0.03811
Exploits: 0 | References: 1
CVE
added 2016/08/01 1:0 a.m. | 40 views

CVE-2016-1605

NetIQ Sentinel Server (7.4.x before 7.4.2) is affected by a directory traversal in the ReportViewServlet that allows reading arbitrary files via the PREVIEW value of the fileType field. The vulnerability arises from insufficient validation of the fileName parameter and can lead to arbitrary file ...

CVSS 6.8 | AI score 6.4 | EPSS 0.03811
Exploits: 0 | References: 2 | Affected Software: 1