Path Traversal in Zohocorp Manageengine_opmanager
CVE-2014-6035
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.116 (93.8th percentile)
Affected products
- Zohocorp Manageengine_opmanager — versions 11.4
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Patch)
- cve@mitre.org (Exploit, x_refsource_MISC)
- 20140927 [The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360 (mailing-list, Exploit, x_refsource_FULLDISC)