- Description
- Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-22
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:sentinel:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A11AA2D0-8630-49A1-BAC8-FFFBB28711EE"
},
{
"criteria": "cpe:2.3:a:microfocus:sentinel_agent_manager:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C908818-9B06-48D3-BACB-DA6F71A6FD02"
}
],
"operator": "OR"
}
]
}
]