CVE-2014-5446

Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.

Published: Dec 4, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-5446
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_it360	10.3.0	10.3.0.x
zohocorp / manageengine_netflow_analyzer	9.8.6	9.8.6.x
zohocorp / manageengine_netflow_analyzer	9.1	9.1.x
zohocorp / manageengine_netflow_analyzer	9.8.5	9.8.5.x
zohocorp / manageengine_netflow_analyzer	10.0-beta	10.0-beta.x
zohocorp / manageengine_netflow_analyzer	9.9	9.9.x
zohocorp / manageengine_netflow_analyzer	9.8	9.8.x
zohocorp / manageengine_netflow_analyzer	8.6	8.6.x
zohocorp / manageengine_netflow_analyzer	9.8.7	9.8.7.x
zohocorp / manageengine_netflow_analyzer	9.7	9.7.x
zohocorp / manageengine_netflow_analyzer	9.0	9.0.x
zohocorp / manageengine_netflow_analyzer	9.6	9.6.x
zohocorp / manageengine_netflow_analyzer	9.5	9.5.x
zohocorp / manageengine_netflow_analyzer	10.2	10.2.x

Vulnerability Database

289,784

CVE-2014-5446