Environment
NetIQ Sentinel 8.0 Sentinel Server
Situation
A vulnerability was discovered in NetIQ Sentinel Server that may allow leakage of information and remote denial of service.
Resolution
Resolution:
Customers should upgrade to Sentinel 8.0.1
Credit:
Special thanks is given to Jacob Baines, Tenable Network Security for finding and reporting these vulnerabilities.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5184http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5185CVE-2017-5184 for the account enumeration part.CVE-2017-5185 for the remote denial of service parts in the report.