Lucene search

[email protected]CVE-2014-6034

HistoryDec 04, 2014 - 5:59 p.m.

CVE-2014-6034

2014-12-0417:59:02

CWE-22

[email protected]

web.nvd.nist.gov

cve-2014-6034

directory traversal

zoho

manageengine

opmanager

it security

vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.963 High

EPSS

Percentile

99.6%

JSON

Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a … (dot dot) in the regionID parameter.

Affected configurations

NVD

Node

zohocorpmanageengine_social_it_plusMatch11.0

Node

zohocorpmanageengine_it360Range≤10.4

Node

zohocorpmanageengine_opmanagerMatch8.8

zohocorpmanageengine_opmanagerMatch9.0

zohocorpmanageengine_opmanagerMatch9.1

zohocorpmanageengine_opmanagerMatch9.2

zohocorpmanageengine_opmanagerMatch9.4

zohocorpmanageengine_opmanagerMatch10.0

zohocorpmanageengine_opmanagerMatch10.1

zohocorpmanageengine_opmanagerMatch10.2

zohocorpmanageengine_opmanagerMatch11.0

zohocorpmanageengine_opmanagerMatch11.1

zohocorpmanageengine_opmanagerMatch11.2

zohocorpmanageengine_opmanagerMatch11.3

CPENameOperatorVersion
zohocorp:manageengine_social_it_pluszohocorp manageengine social it pluseq11.0

CPE	Name	Operator	Version
zohocorp:manageengine_social_it_plus	zohocorp manageengine social it plus	eq	11.0

References

seclists.org/fulldisclosure/2014/Sep/110

raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt

support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.963 High

EPSS

Percentile

99.6%

JSON

Related for CVE-2014-6034

checkpoint_advisories1 dsquare1 zdi1 nvd1 packetstorm2 zdt2 prion1 cvelist1 nessus1 securityvulns2 exploitpack1 exploitdb1