Directory Traversal Vulnerability in ZOHO ManageEngine Products
CVE-2014-6034

Currently unrated

Key Information:

Vendor

Zohocorp
Status
Manageengine Social It Plus
Vendor
CVE Published:
4 December 2014

What is CVE-2014-6034?

A directory traversal vulnerability exists in the FileCollector servlet of ZOHO ManageEngine OpManager, Social IT Plus, and IT360. This vulnerability allows remote attackers or authenticated users to manipulate the regionID parameter by using '../' sequences, enabling them to access, write, or execute arbitrary WAR files on the server. Exploiting this flaw can lead to unauthorized access, remote code execution, and severe compromises of server integrity.

References

https://support.zoho.com/portal/manageengine/helpcenter/a...
x_refsource_CONFIRM
https://raw.githubusercontent.com/pedrib/PoC/master/Manag...
x_refsource_MISC
http://seclists.org/fulldisclosure/2014/Sep/110
mailing-listx_refsource_FULLDISC

EPSS Score

89% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.