CVE-2014-6034

Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt	Exploit
https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix	Patch
http://seclists.org/fulldisclosure/2014/Sep/110	Exploit

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:zohocorp:manageengine_social_it_plus:11.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:zohocorp:manageengine_it360:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:zohocorp:manageengine_opmanager:8.8:::::::*
	cpe:2.3:a:zohocorp:manageengine_opmanager:10.0:::::::*
	cpe:2.3:a:zohocorp:manageengine_opmanager:10.2:::::::*
	cpe:2.3:a:zohocorp:manageengine_opmanager:11.1:::::::*
	cpe:2.3:a:zohocorp:manageengine_opmanager:9.0:::::::*
	cpe:2.3:a:zohocorp:manageengine_opmanager:9.1:::::::*
	cpe:2.3:a:zohocorp:manageengine_opmanager:11.2:::::::*
	cpe:2.3:a:zohocorp:manageengine_opmanager:11.3:::::::*
	cpe:2.3:a:zohocorp:manageengine_opmanager:10.1:::::::*
	cpe:2.3:a:zohocorp:manageengine_opmanager:11.0:::::::*
	cpe:2.3:a:zohocorp:manageengine_opmanager:9.2:::::::*
	cpe:2.3:a:zohocorp:manageengine_opmanager:9.4:::::::*

Information

Published : 2014-12-04 09:59

Updated : 2014-12-05 05:45

NVD link : CVE-2014-6034

Mitre link : CVE-2014-6034

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

Products Affected

zohocorp

manageengine_it360
manageengine_opmanager
manageengine_social_it_plus

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt", "name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix", "name": "https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://seclists.org/fulldisclosure/2014/Sep/110", "name": "20140927 [The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360", "tags": ["Exploit"], "refsource": "FULLDISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-6034", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-12-04T17:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_social_it_plus:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_it360:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.4"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:8.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-12-05T13:45Z"}