CVE-2014-3460

Published: May 20, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.

Affected (2)

Products: Microfocus: Sentinel, Sentinel Agent Manager

Microfocus

2 products

Sentinel

Sentinel Agent Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microfocus Sentinel	All versions
Microfocus Sentinel Agent Manager	All versions

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (10)

http://secunia.com/advisories/58635

Source: cve@mitre.org

http://www.novell.com/support/kb/doc.php?id=7015183

Source: cve@mitre.org

http://www.securityfocus.com/bid/67487

Source: cve@mitre.org

http://www.securitytracker.com/id/1030434

Source: cve@mitre.org

http://zerodayinitiative.com/advisories/ZDI-14-134/

Source: cve@mitre.org

http://secunia.com/advisories/58635