CVE-2012-6534

Name of the Vulnerable Software and Affected Versions Novell Sentinel Log Manager versions prior to 1.2.0.3

Description The issue allows remote attackers to create data retention policies by sending a crafted text/x-gwt-rpc request to the "novelllogmanager/datastorageservice.rpc" API endpoint. Additionally, remote authenticated Report Administrators can create data retention policies via a "Save Query As" and then "Save As Retention Policy" action in the search results.

Recommendations For versions prior to 1.2.0.3, update to version 1.2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "novelllogmanager/datastorageservice.rpc" API endpoint and limiting the ability of Report Administrators to create data retention policies via the search results "Save Query As" and "Save As Retention Policy" action.