Directory Traversal Vulnerability in ZOHO ManageEngine Netflow Analyzer and IT360
CVE-2014-5446

Currently unrated

Key Information:

Vendor

Zohocorp
Status
Manageengine It360
Vendor
CVE Published:
4 December 2014

What is CVE-2014-5446?

A directory traversal vulnerability exists in the DisplayChartPDF servlet of ZOHO ManageEngine Netflow Analyzer and IT360, allowing remote attackers and authenticated users to exploit the filename parameter. By manipulating the filename input with '../', an attacker can potentially access sensitive files on the server, leading to unauthorized information disclosure and escalating risks for the affected systems.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/99046
vdb-entryx_refsource_XF
https://support.zoho.com/portal/manageengine/helpcenter/a...
x_refsource_CONFIRM
http://packetstormsecurity.com/files/129336/ManageEngine-...
x_refsource_MISC

EPSS Score

65% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.