Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0344

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2014-0344
Last Modified 24 Jul 2015 02:38:21
Published 29 Mar 2014 04:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-0344

Summary

Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.

Vulnerable Systems

Application

  • Zohocorp Manageengine Opstor 8.3


References

CERT-VN - VU#140886

BID - 66499


Last Updated: 27 May 2016 11:04:48