Lucene search
HistoryJun 30, 2015 - 2:59 p.m.
CVE-2015-5149
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0.01
Percentile
83.7%
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a … (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.
Affected configurations
Node
zohocorpmanageengine_supportcenter_plusMatch7.90
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | manageengine_supportcenter_plus | 7.90 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:7.90:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2015-5149
2015-06-30 14:00:00
prion
prion
Directory traversal
2015-06-30 14:59:00
cve
cve
CVE-2015-5149
2015-06-30 14:59:06
exploitdb
exploitdb
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities
2015-06-19 00:00:00
openvas
openvas
ManageEngine SupportCenter Plus Multiple Vulnerabilities (Jun 2015)
2015-06-25 00:00:00
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0.01
Percentile
83.7%
Related for NVD:CVE-2015-5149