Описание
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
- ExploitPatch
- Exploit
- Exploit
- Exploit
- Exploit
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zohocorp:manageengine_it360:10.3.0:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:8.6:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.0:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.1:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.5:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.6:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.7:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.5:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.6:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.7:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.9:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:10.0:beta:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:10.2:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.65741
Средний
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
EPSS
Процентиль: 98%
0.65741
Средний
5 Medium
CVSS2
Дефекты
CWE-22