CVE-2014-9372

Currently unrated

Key Information:

Vendor
Manageengine
Status
Password Manager Pro
Vendor
CVE Published:
16 December 2014

Summary

Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename.

References

http://www.zerodayinitiative.com/advisories/ZDI-14-421/
x_refsource_MISC
http://www.manageengine.com/products/passwordmanagerpro/r...
x_refsource_CONFIRM

EPSS Score

2% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.