Lucene search

[email protected]CVE-2015-5149

HistoryJun 30, 2015 - 2:59 p.m.

CVE-2015-5149

2015-06-3014:59:06

CWE-22

[email protected]

web.nvd.nist.gov

cve-2015-5149

directory traversal

zoho

manageengine

supportcenter plus

vulnerability

nvd

6.5 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.01 Low

EPSS

Percentile

83.6%

JSON

Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a … (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.

Affected configurations

NVD

Node

zohocorpmanageengine_supportcenter_plusMatch7.90

CPENameOperatorVersion
zohocorp:manageengine_supportcenter_pluszohocorp manageengine supportcenter pluseq7.90

CPE	Name	Operator	Version
zohocorp:manageengine_supportcenter_plus	zohocorp manageengine supportcenter plus	eq	7.90

References

packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html

www.securityfocus.com/bid/75512

www.vulnerability-lab.com/get_content.php?id=1501

www.exploit-db.com/exploits/37322/

6.5 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.01 Low

EPSS

Percentile

83.6%

JSON

Related for CVE-2015-5149

cvelist1 prion1 nvd1 openvas1