Lucene search
HistoryDec 04, 2014 - 5:59 p.m.
CVE-2014-6036
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
6.2
Confidence
Low
EPSS
0.942
Percentile
99.2%
Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a … (dot dot) in the fileName parameter.
Affected configurations
Node
zohocorpmanageengine_opmanagerRange≤11.3
Node
zohocorpmanageengine_it360Range≤10.4
ORzohocorpmanageengine_it360Match10.3.0
Node
zohocorpmanageengine_social_it_plusMatch11.0
Related
prion
prion
Directory traversal
2014-12-04 17:59:00
cve
cve
CVE-2014-6036
2014-12-04 17:59:04
checkpoint_advisories
checkpoint_advisories
cvelist
cvelist
CVE-2014-6036
2014-12-04 17:00:00
zdi
zdi
packetstorm
packetstorm
ManageEngine Code Execution / File Deletion
2014-09-29 00:00:00
nessus
nessus
ManageEngine OpManager Multiple Directory Traversal Vulnerabilities
2015-02-16 00:00:00
securityvulns
securityvulns
exploitpack
exploitpack
ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities
2014-11-09 00:00:00
zdt
zdt
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
2018-01-26 00:00:00
exploitdb
exploitdb
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
2014-11-09 00:00:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
6.2
Confidence
Low
EPSS
0.942
Percentile
99.2%
Related for NVD:CVE-2014-6036