Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2014-9436
Last Modified: 05 Jan 2015 04:12:50
Published: 02 Jan 2015 02:59:05
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-9436

Summary

Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.

Vulnerable Systems

Application

  • SysAid 14.4


References

XF - sysaidserver-filename-dir-traversal(99456)

EXPLOIT-DB - 35593

FULLDISC - 20141222 VP-2014-004 SysAid Server Arbitrary File Disclosure

MISC - http://packetstormsecurity.com/files/129705/SysAid-Server-Arbitrary-File-Disclosure.html


Last Updated: 27 May 2016 11:07:25