Path Traversal in Zohocorp Manageengine_eventlog_analyzer
CVE-2014-6037
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable fi…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.817 (99.2th percentile) — read the EPSS interpretation.
Affected products
- Zohocorp Manageengine_eventlog_analyzer — versions 8.2, 9.0
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (Exploit, x_refsource_MISC)
- 34519 (Exploit, exploit, x_refsource_EXPLOIT-DB)
- 20140831 Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities (mailing-list, Exploit, x_refsource_FULLDISC)
- 20140901 [The ManageOwnage Series, part IV]: RCE / file upload in Eventlog Analyzer, feat. special guests h0ng10 and Mogwai Security (mailing-list, x_refsource_FULLDISC)
- cve@mitre.org (Exploit, x_refsource_MISC)
- 20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities (mailing-list, Exploit, x_refsource_FULLDISC)
- 69482 (Exploit, vdb-entry, x_refsource_BID)
- 20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities (mailing-list, Exploit, x_refsource_FULLDISC)
- cve@mitre.org (Exploit, x_refsource_MISC)
- 110642 (x_refsource_OSVDB, vdb-entry)
Frequently asked questions
- What is CVE-2014-6037?
- CVE-2014-6037 is a vulnerability in Zohocorp Manageengine_eventlog_analyzer, classified under Path Traversal. Published 2014-10-26.
- Is CVE-2014-6037 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.