cnvd - cnvd-2018-06631

CNVD-2018-06631

Vulnerability from cnvd - Published: 2018-03-29

Title

NetIQ Sentinel信息泄露漏洞（CNVD-2018-06631）

Description

NetIQ Sentinel是美国NetIQ公司的一套安全信息和事件管理（SIEM）解决方案。该方案能够收集、存储和分析日志数据，并做出报告，同时实时分析安全事件数据。 NetIQ Sentinel 8.1.x之前版本中存在安全漏洞。攻击者可利用该漏洞查看用户事件或配置信息。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.netiq.com/products/sentinel/

Reference

https://www.netiq.com/support/kb/doc.php?id=7022706

Impacted products

Name
NetIQ Sentinel <8.1.*

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7675"
    }
  },
  "description": "NetIQ Sentinel\u662f\u7f8e\u56fdNetIQ\u516c\u53f8\u7684\u4e00\u5957\u5b89\u5168\u4fe1\u606f\u548c\u4e8b\u4ef6\u7ba1\u7406\uff08SIEM\uff09\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u80fd\u591f\u6536\u96c6\u3001\u5b58\u50a8\u548c\u5206\u6790\u65e5\u5fd7\u6570\u636e\uff0c\u5e76\u505a\u51fa\u62a5\u544a\uff0c\u540c\u65f6\u5b9e\u65f6\u5206\u6790\u5b89\u5168\u4e8b\u4ef6\u6570\u636e\u3002\r\n\r\nNetIQ Sentinel 8.1.x\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770b\u7528\u6237\u4e8b\u4ef6\u6216\u914d\u7f6e\u4fe1\u606f\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.netiq.com/products/sentinel/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-06631",
  "openTime": "2018-03-29",
  "products": {
    "product": "NetIQ Sentinel \u003c8.1.*"
  },
  "referenceLink": "https://www.netiq.com/support/kb/doc.php?id=7022706",
  "serverity": "\u4e2d",
  "submitTime": "2018-03-08",
  "title": "NetIQ Sentinel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-06631\uff09"
}

CVE-2018-7675 (GCVE-0-2018-7675)

Vulnerability from cvelistv5 – Published: 2018-03-07 22:00 – Updated: 2024-08-05 06:31

Title

Potential Information Disclosure in Sentinel

Summary

In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing.

Severity ?

2.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CWE

Potential information leakage

Assigner

microfocus

References

URL

Tags

https://www.netiq.com/support/kb/doc.php?id=7022706

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	NetIQ Corporation	Sentinel	Affected: Sentinel 8.1.X 8.1.X

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:31:05.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.netiq.com/support/kb/doc.php?id=7022706"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sentinel",
          "vendor": "NetIQ Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Sentinel 8.1.X 8.1.X"
            }
          ]
        }
      ],
      "datePublic": "2018-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Potential information leakage",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:52",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.netiq.com/support/kb/doc.php?id=7022706"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Potential Information Disclosure in Sentinel",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2018-7675",
          "STATE": "PUBLIC",
          "TITLE": "Potential Information Disclosure in Sentinel"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Sentinel",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "Sentinel 8.1.X",
                            "version_value": "8.1.X"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NetIQ Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Potential information leakage"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.netiq.com/support/kb/doc.php?id=7022706",
              "refsource": "CONFIRM",
              "url": "https://www.netiq.com/support/kb/doc.php?id=7022706"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2018-7675",
    "datePublished": "2018-03-07T22:00:00",
    "dateReserved": "2018-03-05T00:00:00",
    "dateUpdated": "2024-08-05T06:31:05.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-06631

CVE-2018-7675 (GCVE-0-2018-7675)

Tags

Sightings

Nomenclature