{"api_version":"1","generated_at":"2026-04-23T06:07:23+00:00","cve":"CVE-2014-3460","urls":{"html":"https://cve.report/CVE-2014-3460","api":"https://cve.report/api/cve/CVE-2014-3460.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-3460","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-3460"},"summary":{"title":"CVE-2014-3460","description":"Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2014-05-20 11:13:00","updated_at":"2021-04-13 17:21:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"http://secunia.com/advisories/58635","name":"58635","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA58635 - Novell Sentinel Agent Manager "DumpToFile()" Arbitrary Code Execution Vulnerability - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1030434","name":"1030434","refsource":"SECTRACK","tags":[],"title":"Novell Sentinel Agent Manager NQMcsVarSet ActiveX Control Lets Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://zerodayinitiative.com/advisories/ZDI-14-134/","name":"http://zerodayinitiative.com/advisories/ZDI-14-134/","refsource":"MISC","tags":[],"title":"Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/67487","name":"67487","refsource":"BID","tags":[],"title":"Novell NetIQ Sentinel Agent Manager 'NQMcsVarSet' ActiveX Remote Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.novell.com/support/kb/doc.php?id=7015183","name":"http://www.novell.com/support/kb/doc.php?id=7015183","refsource":"CONFIRM","tags":[],"title":"Support | NetIQ Sentinel Agent Manager NQMcsVarSet DumpToFile Remote Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-3460","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3460","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"3460","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"sentinel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3460","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"sentinel_agent_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3460","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netiq","cpe5":"sentinel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3460","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netiq","cpe5":"sentinel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3460","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netiq","cpe5":"sentinel_agent_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3460","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netiq","cpe5":"sentinel_agent_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2014-3460","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"58635","refsource":"SECUNIA","url":"http://secunia.com/advisories/58635"},{"name":"1030434","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1030434"},{"name":"67487","refsource":"BID","url":"http://www.securityfocus.com/bid/67487"},{"name":"http://zerodayinitiative.com/advisories/ZDI-14-134/","refsource":"MISC","url":"http://zerodayinitiative.com/advisories/ZDI-14-134/"},{"name":"http://www.novell.com/support/kb/doc.php?id=7015183","refsource":"CONFIRM","url":"http://www.novell.com/support/kb/doc.php?id=7015183"}]}},"nvd":{"publishedDate":"2014-05-20 11:13:00","lastModifiedDate":"2021-04-13 17:21:00","problem_types":["CWE-22"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microfocus:sentinel:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microfocus:sentinel_agent_manager:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"3460","Ordinal":"70411","Title":"CVE-2014-3460","CVE":"CVE-2014-3460","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"3460","Ordinal":"1","NoteData":"Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"3460","Ordinal":"2","NoteData":"2014-05-20","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"3460","Ordinal":"3","NoteData":"2014-06-18","Type":"Other","Title":"Modified"}]}}}