CVE-2014-3460
Summary
| CVE | CVE-2014-3460 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-05-20 11:13:00 UTC |
| Updated | 2021-04-13 17:21:00 UTC |
| Description | Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microfocus | Sentinel | - | All | All | All |
| Application | Microfocus | Sentinel Agent Manager | - | All | All | All |
| Application | Netiq | Sentinel | - | All | All | All |
| Application | Netiq | Sentinel | - | All | All | All |
| Application | Netiq | Sentinel Agent Manager | - | All | All | All |
| Application | Netiq | Sentinel Agent Manager | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory SA58635 - Novell Sentinel Agent Manager "DumpToFile()" Arbitrary Code Execution Vulnerability - Secunia | SECUNIA | secunia.com | |
| Novell Sentinel Agent Manager NQMcsVarSet ActiveX Control Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Zero Day Initiative | MISC | zerodayinitiative.com | |
| Novell NetIQ Sentinel Agent Manager 'NQMcsVarSet' ActiveX Remote Code Execution Vulnerability | BID | www.securityfocus.com | |
| Support | NetIQ Sentinel Agent Manager NQMcsVarSet DumpToFile Remote Code Execution Vulnerability | CONFIRM | www.novell.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.