logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2014-6034

Description

Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.


Affected Software


CPE Name Name Version
zohocorp:manageengine_social_it_plus zohocorp manageengine social it plus 11.0
zohocorp:manageengine_it360 zohocorp manageengine it360 10.4
zohocorp:manageengine_opmanager zohocorp manageengine opmanager 8.8
zohocorp:manageengine_opmanager zohocorp manageengine opmanager 10.0
zohocorp:manageengine_opmanager zohocorp manageengine opmanager 10.2
zohocorp:manageengine_opmanager zohocorp manageengine opmanager 11.1
zohocorp:manageengine_opmanager zohocorp manageengine opmanager 9.0
zohocorp:manageengine_opmanager zohocorp manageengine opmanager 9.1
zohocorp:manageengine_opmanager zohocorp manageengine opmanager 11.2
zohocorp:manageengine_opmanager zohocorp manageengine opmanager 11.3
zohocorp:manageengine_opmanager zohocorp manageengine opmanager 10.1
zohocorp:manageengine_opmanager zohocorp manageengine opmanager 11.0
zohocorp:manageengine_opmanager zohocorp manageengine opmanager 9.2
zohocorp:manageengine_opmanager zohocorp manageengine opmanager 9.4

Related