CVE-2014-5446

2014-12-0417:59:01

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.925

Percentile

99.0%

JSON

Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a … (dot dot) in the filename parameter.

Affected configurations

Nvd

Node

zohocorpmanageengine_it360Match10.3.0

Node

zohocorpmanageengine_netflow_analyzerMatch8.6

zohocorpmanageengine_netflow_analyzerMatch9.0

zohocorpmanageengine_netflow_analyzerMatch9.1

zohocorpmanageengine_netflow_analyzerMatch9.5

zohocorpmanageengine_netflow_analyzerMatch9.6

zohocorpmanageengine_netflow_analyzerMatch9.7

zohocorpmanageengine_netflow_analyzerMatch9.8

zohocorpmanageengine_netflow_analyzerMatch9.8.5

zohocorpmanageengine_netflow_analyzerMatch9.8.6

zohocorpmanageengine_netflow_analyzerMatch9.8.7

zohocorpmanageengine_netflow_analyzerMatch9.9

zohocorpmanageengine_netflow_analyzerMatch10.0beta

zohocorpmanageengine_netflow_analyzerMatch10.2

VendorProductVersionCPE
zohocorpmanageengine_it36010.3.0cpe:2.3:a:zohocorp:manageengine_it360:10.3.0:*:*:*:*:*:*:*
zohocorpmanageengine_netflow_analyzer8.6cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:8.6:*:*:*:*:*:*:*
zohocorpmanageengine_netflow_analyzer9.0cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.0:*:*:*:*:*:*:*
zohocorpmanageengine_netflow_analyzer9.1cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.1:*:*:*:*:*:*:*
zohocorpmanageengine_netflow_analyzer9.5cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.5:*:*:*:*:*:*:*
zohocorpmanageengine_netflow_analyzer9.6cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.6:*:*:*:*:*:*:*
zohocorpmanageengine_netflow_analyzer9.7cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.7:*:*:*:*:*:*:*
zohocorpmanageengine_netflow_analyzer9.8cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8:*:*:*:*:*:*:*
zohocorpmanageengine_netflow_analyzer9.8.5cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.5:*:*:*:*:*:*:*
zohocorpmanageengine_netflow_analyzer9.8.6cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_it360	10.3.0	cpe:2.3:a:zohocorp:manageengine_it360:10.3.0:::::::*
zohocorp	manageengine_netflow_analyzer	8.6	cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:8.6:::::::*
zohocorp	manageengine_netflow_analyzer	9.0	cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.0:::::::*
zohocorp	manageengine_netflow_analyzer	9.1	cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.1:::::::*
zohocorp	manageengine_netflow_analyzer	9.5	cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.5:::::::*
zohocorp	manageengine_netflow_analyzer	9.6	cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.6:::::::*
zohocorp	manageengine_netflow_analyzer	9.7	cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.7:::::::*
zohocorp	manageengine_netflow_analyzer	9.8	cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8:::::::*
zohocorp	manageengine_netflow_analyzer	9.8.5	cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.5:::::::*
zohocorp	manageengine_netflow_analyzer	9.8.6	cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.6:::::::*