Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-100002

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-100002
Last Modified 13 Jan 2015 03:48:57
Published 13 Jan 2015 06:59:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-100002

Summary

Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.

Vulnerable Systems

Application

  • Zohocorp Manageengine Supportcenter Plus 7.9


References

CONFIRM - https://supportcenter.wiki.zoho.com/ReadMe-V2.html

XF - support-center-directory-traversal(90806)

EXPLOIT-DB - 31262

OSVDB - 102656


Last Updated: 27 May 2016 11:07:30