CVE-2011-5028

Name of the Vulnerable Software and Affected Versions Novell Sentinel Log Manager version 1.2.0.1 938 and earlier Novell Sentinel versions prior to 7.0.1.0

Description The issue allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter of the novelllogmanager/FileDownload component.

Recommendations For Novell Sentinel Log Manager version 1.2.0.1 938 and earlier, update to a version later than 1.2.0.1 938. For Novell Sentinel versions prior to 7.0.1.0, update to version 7.0.1.0 or later. As a temporary workaround, consider restricting access to the novelllogmanager/FileDownload component to minimize the risk of exploitation.