|
Description
|
|
Novell has acknowledged multiple vulnerabilities in Novell Sentinel Log Manager, which can be exploited by malicious users to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) Input passed via the "filename" parameter to novelllogmanager/FileDownload is not properly sanitised before being used. This can be exploited to download arbitrary files from local resources via directory traversal sequences.
This vulnerability is confirmed in version 1.2.0.1_938. Other versions may also be affected.
2) Some errors exist in the bundled version of Sun Java.
For more information:
SA44784
|
