Data Retention Policy Vulnerability in Novell Sentinel Log Manager
CVE-2012-6534

Currently unrated

Key Information:

Vendor: Novell
Status: Sentinel Log Manager
Vendor: CVE Published:; 29 March 2013

Summary

The vulnerability in Novell Sentinel Log Manager allows remote attackers to exploit improper access control. By sending a specially crafted request to the datastore service, attackers can create malicious data retention policies. Additionally, authenticated Report Administrators can be manipulated to create unintentional policies through the 'Save As Retention Policy' feature during search results actions. This vulnerability poses risks to data integrity and security as it enables unauthorized modifications to data retention strategies.

References

http://seclists.org/fulldisclosure/2012/Oct/25

mailing-listx_refsource_FULLDISC

http://support.novell.com/docs/Readmes/InfoDocument/patch...

x_refsource_CONFIRM

https://bugzilla.novell.com/show_bug.cgi?id=771634

x_refsource_CONFIRM

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 29, 2013
Vulnerability Reserved
Feb 22, 2013