CVE-2014-3460

NetIQ Sentinel Agent Manager - Path Traversal and Arbitrary File Write via NQMcsVarSet ActiveX DumpToFile Method

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.

References (5)

Core 5
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58635
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030434
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67487
Vendor Advisory x_refsource_confirm
http://www.novell.com/support/kb/doc.php?id=7015183
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-14-134/

Scores

EPSS 0.0089
EPSS Percentile 75.9%

Details

CWE
CWE-22
Status published
Products (2)
microfocus/sentinel
microfocus/sentinel_agent_manager
Published May 20, 2014
Tracked Since Feb 18, 2026