CVE-2014-5446
Last modified
CVE-2014-5446 is a vulnerability of currently unknown severity. Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.. EPSS estimates a 54.72% chance of exploitation in the next 30 days.
Description
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Zohocorp | Manageengine It360 | 10.3.0 | — |
| Zohocorp | Manageengine Netflow Analyzer | 8.6 | — |
| Zohocorp | Manageengine Netflow Analyzer | 9.0 | — |
| Zohocorp | Manageengine Netflow Analyzer | 9.1 | — |
| Zohocorp | Manageengine Netflow Analyzer | 9.5 | — |
| Zohocorp | Manageengine Netflow Analyzer | 9.6 | — |
| Zohocorp | Manageengine Netflow Analyzer | 9.7 | — |
| Zohocorp | Manageengine Netflow Analyzer | 9.8 | — |
| Zohocorp | Manageengine Netflow Analyzer | 9.8.5 | — |
| Zohocorp | Manageengine Netflow Analyzer | 9.8.6 | — |
| Zohocorp | Manageengine Netflow Analyzer | 9.8.7 | — |
| Zohocorp | Manageengine Netflow Analyzer | 9.9 | — |
| Zohocorp | Manageengine Netflow Analyzer | 10.0 | Beta |
| Zohocorp | Manageengine Netflow Analyzer | 10.2 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-5446?
How severe is CVE-2014-5446?
How do I fix CVE-2014-5446?
Are you affected by CVE-2014-5446?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST