Directory Traversal Vulnerability in ManageEngine NetFlow Analyzer
CVE-2014-9373

Currently unrated

Key Information:

Vendor: Manageengine
Status: Netflow Analyzer
Vendor: CVE Published:; 16 December 2014

Summary

A directory traversal vulnerability exists in the CollectorConfInfoServlet of ManageEngine NetFlow Analyzer, which permits remote attackers to access restricted directories and execute arbitrary code through crafted filenames utilizing '..' sequences.

References

http://www.zerodayinitiative.com/advisories/ZDI-14-422/

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 16, 2014
Vulnerability Reserved
Dec 11, 2014