File Disclosure Vulnerability in ManageEngine OpUtils
CVE-2014-8678

Currently unrated

Key Information:

Vendor: Manageengine
Status: Oputils
Vendor: CVE Published:; 25 November 2014

Summary

A vulnerability exists in the ConfigSaveServlet servlet in ManageEngine OpUtils prior to build 71024, which allows remote attackers to disclose sensitive files by leveraging a crafted filename. This exposes potentially critical data and poses a significant risk to system security.

References

http://www.zerodayinitiative.com/advisories/ZDI-14-386/

x_refsource_MISC

Timeline

Vulnerability published
Nov 25, 2014
Vulnerability Reserved
Nov 7, 2014