CVE-2018-7675

Potential Information Disclosure in Sentinel

Description

In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing.

References

Link	Tags
https://www.netiq.com/support/kb/doc.php?id=7022706

Frequently Asked Questions

What is the severity of CVE-2018-7675?: CVE-2018-7675 has been scored as a low severity vulnerability.
How to fix CVE-2018-7675?: To fix CVE-2018-7675, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2018-7675 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2018-7675 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2018-7675?: CVE-2018-7675 affects NetIQ Corporation Sentinel.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-200 – Exposure of Sensitive Information to an Unauthorized Actor

References

Frequently Asked Questions