CVE-2014-6035

Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.

Published: Dec 4, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-6035
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_opmanager	-	11.3.x
zohocorp / manageengine_opmanager	11.4	11.4.x

http://seclists.org/fulldisclosure/2014/Sep/110
https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt
https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix

Vulnerability Database

289,782

CVE-2014-6035