Vigil@nce - Novell NetIQ Sentinel: read-write access
December 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can bypass access restrictions of Novell NetIQ
Sentinel, in order to read or alter files.
– Impacted products: NetIQ Sentinel.
– Severity: 2/4.
– Creation date: 18/10/2016.
DESCRIPTION OF THE VULNERABILITY
The Novell NetIQ Sentinel product uses Apache Commons FileUpload.
However, data deserialized by the DiskFileItem class is not
checked.
An attacker can therefore bypass access restrictions of Novell
NetIQ Sentinel, in order to read or alter files.
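As an added detection example (not part of the Vigil@nce bulletin or of any NetIQ or Apache code), the following heuristic scanner lists the class names declared in a Java serialization stream and flags DiskFileItem, so that inbound data carrying such an object can be logged or rejected before it is deserialized. The function names, the deny list and the sample stream are assumptions constructed for this illustration.

```python
import base64
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"  # Java serialization magic + version 5
TC_CLASSDESC = 0x72                 # tag that opens a class descriptor
DENYLIST = {"org.apache.commons.fileupload.disk.DiskFileItem"}
CLASS_NAME = re.compile(r"^\[*[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*;?$")


def class_names(blob: bytes) -> list:
    """Heuristically list class names declared in a Java serialization stream."""
    if blob.lstrip().startswith(b"rO0AB"):  # base64 form of the magic bytes
        try:
            blob = base64.b64decode(blob.strip())
        except ValueError:
            return []
    names = []
    pos = blob.find(STREAM_MAGIC)
    if pos < 0:
        return names
    pos += len(STREAM_MAGIC)
    while pos + 3 <= len(blob):
        (length,) = struct.unpack_from(">H", blob, pos + 1)
        end = pos + 3 + length
        # A descriptor is: tag, UTF name, 8-byte serialVersionUID, flag byte.
        if blob[pos] == TC_CLASSDESC and length and end + 9 <= len(blob):
            name = blob[pos + 3:end].decode("ascii", errors="replace")
            if CLASS_NAME.match(name):
                names.append(name)
                pos = end + 9
                continue
        pos += 1
    return names


def flagged(blob: bytes) -> list:
    """Return the deny-listed class names found in blob."""
    return [n for n in class_names(blob) if n in DENYLIST]


def sample_stream(name: str) -> bytes:
    """Constructed test input: header plus one empty class descriptor."""
    raw = name.encode("ascii")
    return (STREAM_MAGIC + b"\x73\x72" + struct.pack(">H", len(raw)) + raw
            + b"\x00" * 8 + b"\x02\x00\x00\x78\x70")


if __name__ == "__main__":
    print(flagged(sample_stream("org.apache.commons.fileupload.disk.DiskFileItem")))
```

The scan is a byte-level heuristic rather than a full stream parser, so it is suited to logging and pre-filtering, not to replacing a deserialization allow-list in the application itself.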
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Novell-NetIQ-Sentinel-read-write-access-20892