Описание
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListNot ApplicableThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ProductVendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListNot ApplicableThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ProductVendor Advisory
Уязвимые конфигурации
EPSS
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.
EPSS
4.3 Medium
CVSS3
4 Medium
CVSS2