Directory Traversal Vulnerability in ZOHO ManageEngine Products
CVE-2014-6034

Currently unrated

Key Information:

Vendor

Zohocorp
Status
Manageengine Social It Plus
Vendor
CVE Published:
4 December 2014

What is CVE-2014-6034?

A directory traversal vulnerability exists in the FileCollector servlet of ZOHO ManageEngine OpManager, Social IT Plus, and IT360. This vulnerability allows remote attackers or authenticated users to manipulate the regionID parameter by using '../' sequences, enabling them to access, write, or execute arbitrary WAR files on the server. Exploiting this flaw can lead to unauthorized access, remote code execution, and severe compromises of server integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://support.zoho.com/portal/manageengine/helpcenter/a...
x_refsource_CONFIRM
https://raw.githubusercontent.com/pedrib/PoC/master/Manag...
x_refsource_MISC
http://seclists.org/fulldisclosure/2014/Sep/110
mailing-listx_refsource_FULLDISC

EPSS Score

86% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.