4 matches found
Micro Focus NetIQ Sentinel Server SentinelContext Authentication Bypass (CVE-2016-1605)
The vulnerability is due to a flaw in the SentinelContext Java class that allows a user to retrieve a valid authentication cookie from the vulnerable server by providing the "admin" user name in an HTTP request. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP...
Micro Focus NetIQ Sentinel Server ReportViewServlet Directory Traversal (CVE-2016-1605)
The vulnerability is due to insufficient validation of the fileName parameter within the ReportViewServlet servlet. A remote, authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation allows the attacker to read the content ...
NetIQ Sentinel Server Authentication Bypass and Arbitrary File Download
A vulnerability was discovered in NetIQ Sentinel Server that may allow remote attackers to disclose arbitrary file contents.
CVE-2016-1605
NetIQ Sentinel Server (7.4.x before 7.4.2) is affected by a directory traversal in the ReportViewServlet that allows reading arbitrary files via the PREVIEW value of the fileType field. The vulnerability arises from insufficient validation of the fileName parameter and can lead to arbitrary file ...