What is CVE-2014-7863?

CVE-2014-7863 is a vulnerability in N/a. Published 2020-02-08.

Is CVE-2014-7863 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2014-7863

The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote…

EPSS: 0.882 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclos… (x_refsource_MISC)
raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt (x_refsource_MISC)
www.securityfocus.com/archive/1/archive/1/534575/100/0/threaded (x_refsource_MISC)
seclists.org/fulldisclosure/2015/Jan/114 (x_refsource_MISC)
support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-fai… (x_refsource_MISC)
exchange.xforce.ibmcloud.com/vulnerabilities/100554 (x_refsource_MISC)

Frequently asked questions

What is CVE-2014-7863?: CVE-2014-7863 is a vulnerability in N/a. Published 2020-02-08.
Is CVE-2014-7863 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.