CVE-2014-5445

Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.
Configurations

Configuration 1 (hide)

cpe:2.3:a:zohocorp:manageengine_it360:10.3.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-12-04 17:59

Updated : 2024-02-04 18:35


NVD link : CVE-2014-5445

Mitre link : CVE-2014-5445

CVE.ORG link : CVE-2014-5445


JSON object : View

Products Affected

zohocorp

  • manageengine_netflow_analyzer
  • manageengine_it360
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')