Sentinel Server leakage of information (CVE-2017-5184) and remote denial of service issue (CVE-2017-5185)

  • 7018753
  • 29-Mar-2017
  • 30-Mar-2017

Environment

NetIQ Sentinel 8.0 Sentinel Server

Situation

A vulnerability was discovered in NetIQ Sentinel Server that may allow leakage of information and remote denial of service.

Resolution

Customers should upgrade to Sentinel 8.0.1.

Credit:

Special thanks are given to Jacob Baines, Tenable Network Security, for finding and reporting these vulnerabilities.

References: 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5185

CVE-2017-5184 covers the account enumeration part of the report.

CVE-2017-5185 covers the remote denial of service parts of the report.