Absolute Path Traversal Vulnerabilities in ZOHO ManageEngine Products
CVE-2014-5445

Currently unrated

Key Information:

Vendor

Zohocorp
Status
Manageengine It360
Vendor
CVE Published:
4 December 2014

What is CVE-2014-5445?

Multiple absolute path traversal vulnerabilities exist within ZOHO ManageEngine products, specifically in the Netflow Analyzer and IT360 applications. These vulnerabilities enable remote attackers, or authenticated users, to exploit the 'schFilePath' parameter in the CSVServlet and CReportPDFServlet servlets, potentially granting them unauthorized access to sensitive files. This flaw could lead to disclosure of critical information stored on the server, highlighting the importance of prompt remediation.

References

https://support.zoho.com/portal/manageengine/helpcenter/a...
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/99045
vdb-entryx_refsource_XF
http://packetstormsecurity.com/files/129336/ManageEngine-...
x_refsource_MISC

EPSS Score

91% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.