Intrusion Prevention

Novell.Sentinel.Log.Manager.Retention.Policy.Security.Bypass

Description

This indicates an attack attempt to exploit a Security Bypass vulnerability in Novell Sentinel Log Manager.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to create unauthorized data retention policies.

Affected Products

Novell Sentinel Log Manager prior to 1.2.0.3

Impact

Security Bypass: Remote attackers can bypass security checking of vulnerable systems.

Recommended Actions

Apply patch available from the vendor's website.
https://www.netiq.com/documentation/novelllogmanager12/log_manager_readme/data/log_manager_readme.html

CVE References

CVE-2012-6534