PT-2018-18201 · NetIQ · NetIQ Sentinel

Published: 2018-03-07 · Updated: 2021-04-13 · CVE-2018-7675

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

NetIQ Sentinel versions prior to 8.1.x

Description

The issue occurs when a Sentinel user logs into the Sentinel Web Interface, performs tasks, and then goes idle long enough for the interface to time out. If another user then logs in without the first user having logged out, the second user's credentials are accepted and they can view the previous screen. This may expose the first user's events or configuration information.

Recommendations

For versions prior to 8.1.x, update to version 8.1.x or later to resolve the issue. As a temporary workaround, consider a policy that requires users to log out when they finish using the Sentinel Web Interface, so that the next user cannot see sensitive information left on screen. Additionally, restrict access to sensitive views and configuration information to minimize the risk of exposure.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2018-7675

Affected Products

NetIQ Sentinel