Lucene search

[email protected]CVE-2014-3460

HistoryMay 20, 2014 - 11:13 a.m.

CVE-2014-3460

2014-05-2011:13:38

CWE-22

[email protected]

web.nvd.nist.gov

netiq sentinel

nqmcsvarset

cve-2014-3460

directory traversal

activex control

remote attack

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.274 Low

EPSS

Percentile

96.8%

JSON

Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.

Affected configurations

NVD

Node

microfocussentinelMatch-

microfocussentinel_agent_managerMatch-

CPENameOperatorVersion
microfocus:sentinelmicrofocus sentineleq-
microfocus:sentinel_agent_managermicrofocus sentinel agent managereq-

CPE	Name	Operator	Version
microfocus:sentinel	microfocus sentinel	eq	-
microfocus:sentinel_agent_manager	microfocus sentinel agent manager	eq	-

References

secunia.com/advisories/58635

www.novell.com/support/kb/doc.php?id=7015183

www.securityfocus.com/bid/67487

www.securitytracker.com/id/1030434

zerodayinitiative.com/advisories/ZDI-14-134/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.274 Low

EPSS

Percentile

96.8%

JSON

Related for CVE-2014-3460

zdi1 prion2 nessus1 cvelist2 nvd2 cve1