Lucene search

[email protected]CVE-2014-8678

HistoryNov 25, 2014 - 3:59 p.m.

CVE-2014-8678

2014-11-2515:59:07

CWE-200

[email protected]

web.nvd.nist.gov

cve-2014-8678

configsaveservlet

manageengine oputils

build 71024

remote attackers

disclose files

crafted filename

savefile

nvd

6.8 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.429 Medium

EPSS

Percentile

97.3%

JSON

The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to “disclose” files via a crafted filename, related to “saveFile.”

Affected configurations

NVD

Node

manageengineoputilsRange≤7.0

CPENameOperatorVersion
manageengine:oputilsmanageengine oputilsle7.0

CPE	Name	Operator	Version
manageengine:oputils	manageengine oputils	le	7.0

References

www.zerodayinitiative.com/advisories/ZDI-14-386/

6.8 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.429 Medium

EPSS

Percentile

97.3%

JSON

Related for CVE-2014-8678

zdi1 prion1 nvd1 cvelist1