Описание
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.
Ссылки
- ExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
- ExploitMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitMailing ListThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
- ExploitMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitMailing ListThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zohocorp:manageengine_it360:10.3.0:*:*:*:*:*:*:*
Конфигурация 2Версия от 8.6 (включая) до 10.2 (включая)
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.90975
Критический
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.
EPSS
Процентиль: 100%
0.90975
Критический
5 Medium
CVSS2
Дефекты
CWE-22