exploitDog

CVE-2014-0344

Опубликовано: 29 мар. 2014

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.

Ссылки

http://www.kb.cert.org/vuls/id/140886
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/66499
http://www.kb.cert.org/vuls/id/140886
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/66499

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zohocorp:manageengine_opstor:*:*:*:*:*:*:*:*

Версия до 8.3 (включая)

EPSS

Процентиль: 79%

0.01279

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-cj6r-fr66-xm8j

github

больше 3 лет назад

Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.

EPSS

Процентиль: 79%

0.01279

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-264