Path Traversal in Zohocorp Manageengine_it360
CVE-2014-6036
Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbit…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.365 (97.2th percentile) — read the EPSS interpretation.
Affected products
- Zohocorp Manageengine_it360 — versions 10.3.0
- Zohocorp Manageengine_opmanager
- Zohocorp Manageengine_social_it_plus — versions 11.0
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Patch)
- cve@mitre.org (Exploit, x_refsource_MISC)
- 20140927 [The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360 (mailing-list, Exploit, x_refsource_FULLDISC)