Lucene search
HistoryMar 29, 2014 - 8:55 p.m.
CVE-2014-0344
cve-2014-0344
zoho manageengine opstor
privilege escalation
vulnerability
nvd
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
6.3 Medium
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.7%
Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.
Affected configurations
Node
zohocorpmanageengine_opstorRangeβ€8.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| zohocorp:manageengine_opstor | zohocorp manageengine opstor | le | 8.3 |
Related
nvd
nvd
CVE-2014-0344
2014-03-29 20:55:04
CVE-2014-2670
2014-03-29 20:55:04
prion
prion
Design/Logic Flaw
2014-03-29 20:55:00
Cross site scripting
2014-03-29 20:55:00
seebug
seebug
ManageEngine OpStorθ·¨η«θζ¬εηΉζζεζΌζ΄
2014-03-31 00:00:00
cert
cert
ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities
2014-03-27 00:00:00
cvelist
cvelist
CVE-2014-0344
2014-03-29 20:00:00
CVE-2014-2670
2014-03-29 20:00:00
cve
cve
CVE-2014-2670
2014-03-29 20:55:04
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
6.3 Medium
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.7%
Related for CVE-2014-0344