logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2014-6036

Description

Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter.


Affected Software


CPE Name Name Version
zohocorp:manageengine_opmanager zohocorp manageengine opmanager 11.3
zohocorp:manageengine_it360 zohocorp manageengine it360 10.4
zohocorp:manageengine_it360 zohocorp manageengine it360 10.3.0
zohocorp:manageengine_social_it_plus zohocorp manageengine social it plus 11.0

Related