Path Traversal in Zohocorp Manageengine_it360
CVE-2014-5446
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.657 (98.5th percentile)
Affected products
- Zohocorp Manageengine_it360 — versions 10.3.0
- Zohocorp Manageengine_netflow_analyzer — versions 8.6, 9.0, 9.1
References
- netflow-cve20145446-dir-traversal(99046) (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Patch)
- cve@mitre.org (Exploit, x_refsource_MISC)
- 20141203 Re: [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 (mailing-list, x_refsource_BUGTRAQ)
- 71404 (Exploit, vdb-entry, x_refsource_BID)
- 20141130 [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 (mailing-list, x_refsource_BUGTRAQ)
- 20141203 [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 (mailing-list, Exploit, x_refsource_FULLDISC)