CVE-2014-5446

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:Path Manipulation
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Published on 04/12/14 - Updated on 09/10/18

Description

Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.

Category: Path Manipulation

CWE-22 (Path Traversal)
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Security Notices

US National Vulnerability DatabaseCVE-2014-5446

Exploits

Exploit-DBEDB-43895
SecurityFocusBID-71404

Relative technologies

VendorProduct
zohocorpmanageengine_it360
zohocorpmanageengine_netflow_analyzer

Share this vulnerability with:

Twitter Facebook LinkedIn Mail