This script is Copyright (C) 2016 Tenable Network Security, Inc.
The NetIQ Sentinel server installed on the remote host is affected by
The version of Novell NetIQ Sentinel server installed on the remote
host is prior to 7.4.1. It is, therefore, affected by multiple
- A flaw exists in Apache ActiveMQ in the
processControlCommand() function within the file
broker/TransportConnection.java. An unauthenticated,
remote attacker can exploit this, via a specially
crafted packet, to cause a denial of service condition.
- A flaw exists in the XMLTooling library due to a failure
to properly handle integer conversion exceptions. An
unauthenticated, remote attacker can exploit this, via a
crafted SAML message, to cause a denial of service
- A remote code execution vulnerability exists due to
unsafe deserialization of unauthenticated Java objects
passed to the Apache Commons Collections (ACC) library. An
unauthenticated, remote attacker can exploit this, by
sending a specially crafted serialized Java object via
the RMI interface, to execute arbitrary code with the
privileges of the application. (VulnDB 135498)
Upgrade to Novell NetIQ Sentinel version 7.4.1 or later.
Alternatively, contact the vendor for a workaround.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true