CVE-2014-3460

Sažetak

Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.

Reference

http://secunia.com/advisories/58635
http://www.novell.com/support/kb/doc.php?id=7015183
http://www.securityfocus.com/bid/67487
http://www.securitytracker.com/id/1030434
http://zerodayinitiative.com/advisories/ZDI-14-134/

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

13-04-2021 - 17:21

Objavljeno

20-05-2014 - 11:13