Directory Traversal Vulnerability in ManageEngine SupportCenter Plus Product by Zoho
CVE-2014-100002

Currently unrated

Key Information:

Vendor

Zohocorp
Status
Manageengine Supportcenter Plus
Vendor
CVE Published:
13 January 2015

What is CVE-2014-100002?

ManageEngine SupportCenter Plus versions prior to 7917 are susceptible to a directory traversal vulnerability that enables remote attackers to gain unauthorized access to system files. By manipulating the attach parameter in the WorkOrder.do file and using dot-dot encoded slashes, attackers can effectively read arbitrary files, potentially exposing sensitive data and compromising the integrity of the affected system.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/90806
vdb-entryx_refsource_XF
http://www.exploit-db.com/exploits/31262
exploitx_refsource_EXPLOIT-DB
https://supportcenter.wiki.zoho.com/ReadMe-V2.html
x_refsource_CONFIRM

EPSS Score

77% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.