CVE-2014-5446

Published Dec 4, 2014

Last updated 5 years ago

CVSS info 5.0

Overview

Description: Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_it360:10.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9176D056-7350-4371-8F7E-87C2521EEBF2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C395A435-A070-417E-BAE2-3F88202667AA"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DC97355-78DC-469D-8238-F61C5FEB1E42"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4077669-FB97-4148-BDB6-9CF83B3AFDFA"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B9AA3A3-2C5D-4F8C-9903-65FDDDED0CD5"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B32A1323-2DEA-4D62-B1E2-F7747571F0D9"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE066783-A6FB-4006-BC39-B2C1C186890E"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E193D39-7F8C-4E7F-95E6-732A4F836B54"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9321BD1-52EB-4DC0-8A3B-F56D8F24B4E2"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F5B063E-DC2D-4BDC-B119-6B53FDA7059C"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42700600-21C8-4AAC-938D-FA2C3C88B232"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "701C5910-3DBE-4453-9766-07CD2847F21B"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:10.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6EBF8A0-365F-4D23-8FB9-2CDDEA6F2C05"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56D43BC4-F0E5-41D3-9D01-9B5ACC39459F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References