CVE-2014-7866

Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:zohocorp:manageengine_social_it_plus:11.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:zohocorp:manageengine_it360:10.4:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_it360:10.3.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:zohocorp:manageengine_opmanager:8.8:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:10.2:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.0:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:9.2:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:9.4:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.3:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.4:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:9.0:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:9.1:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.1:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.2:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:10.1:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:10.0:*:*:*:*:*:*:*

Information

Published : 2014-12-10 10:59

Updated : 2019-07-15 10:45


NVD link : CVE-2014-7866

Mitre link : CVE-2014-7866


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

zohocorp

  • manageengine_it360
  • manageengine_opmanager
  • manageengine_social_it_plus