CVE-2018-7675

EPSS 0.18%
Published 07.03.2018 22:29:00
Last modified 21.11.2024 04:12:31
Source security@opentext.com
Teams watchlist Login
Open Login

In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microfocus ≫ Sentinel Version <= 8.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.367

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:P/I:N/A:N
security@opentext.com	2.8	1.3	1.4	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.netiq.com/support/kb/doc.php?id=7022706

https://nvd.nist.gov/vuln/detail/CVE-2018-7675

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-7675

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-7675

EUVD