Novell · Novell Sentinel Log Manager · CVE-2012-6534
**Name of the Vulnerable Software and Affected Versions**
Novell Sentinel Log Manager versions prior to 1.2.0.3
**Description**
The issue allows remote attackers to create data retention policies by sending a crafted text/x-gwt-rpc request to the "novelllogmanager/datastorageservice.rpc" API endpoint. Additionally, remote authenticated Report Administrators can create data retention policies via a "Save Query As" and then "Save As Retention Policy" action in the search results.
**Recommendations**
For versions prior to 1.2.0.3, update to version 1.2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "novelllogmanager/datastorageservice.rpc" API endpoint and limiting the ability of Report Administrators to create data retention policies via the search results "Save Query As" and "Save As Retention Policy" action.