Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2014-6035
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-04 Dec, 2014 | 17:59
Updated At-12 Apr, 2025 | 10:46

Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_opmanager>>Versions up to 11.3(inclusive)
cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_opmanager>>11.4
cpe:2.3:a:zohocorp:manageengine_opmanager:11.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2014/Sep/110cve@mitre.org
Exploit
https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txtcve@mitre.org
Exploit
https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fixcve@mitre.org
Patch
http://seclists.org/fulldisclosure/2014/Sep/110af854a3a-2127-422b-91ae-364da2661108
Exploit
https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fixaf854a3a-2127-422b-91ae-364da2661108
Patch
Change History
0Changes found
Details not found