Lucene search

K

[email protected]NVD:CVE-2014-6036

HistoryDec 04, 2014 - 5:59 p.m.

CVE-2014-6036

2014-12-0417:59:04

CWE-22

[email protected]

web.nvd.nist.gov

2

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.937 High

EPSS

Percentile

99.1%

Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a … (dot dot) in the fileName parameter.

Affected configurations

NVD

Node

zohocorpmanageengine_opmanagerRange≤11.3

Node

zohocorpmanageengine_it360Range≤10.4

OR

zohocorpmanageengine_it360Match10.3.0

Node

zohocorpmanageengine_social_it_plusMatch11.0

References

seclists.org/fulldisclosure/2014/Sep/110

raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt

support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.937 High

EPSS

Percentile

99.1%

Related for NVD:CVE-2014-6036

checkpoint_advisories1 cvelist1 zdi1 prion1 cve1 securityvulns2 nessus1 packetstorm1 zdt1 exploitpack1 exploitdb1