CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-1605

Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 73.3%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 6.8

References

http://www.zerodayinitiative.com/advisories/ZDI-16-406
https://www.netiq.com/support/kb/doc.php?id=7017803
http://www.zerodayinitiative.com/advisories/ZDI-16-406
https://www.netiq.com/support/kb/doc.php?id=7017803

Products affected by CVE-2016-1605

Netiq » Sentinel » Version: 7.4

cpe:2.3:a:netiq:sentinel:7.4
Netiq » Sentinel » Version: 7.4.1

cpe:2.3:a:netiq:sentinel:7.4.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-1605

Products

Pricing

Contact Us