CVE-2018-7675

EPSS 0.18%
Veröffentlicht 07.03.2018 22:29:00
Zuletzt bearbeitet 21.11.2024 04:12:31
Quelle security@opentext.com
CVE-Watchlists
Login
Unerledigt
Login

Potential Information Disclosure in Sentinel

In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microfocus ≫ Sentinel Version <= 8.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.367

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:P/I:N/A:N
security@opentext.com	2.8	1.3	1.4	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.netiq.com/support/kb/doc.php?id=7022706

https://nvd.nist.gov/vuln/detail/CVE-2018-7675

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-7675

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-7675

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-7675