CVE-2014-6034: Path Traversal
First published: Thu Dec 04 2014(Updated: )
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ManageEngine Social IT Plus | =11.0 | |
| ManageEngine IT360 | <=10.4 | |
| ManageEngine OpManager MSP | =8.8 | |
| ManageEngine OpManager MSP | =9.0 | |
| ManageEngine OpManager MSP | =9.1 | |
| ManageEngine OpManager MSP | =9.2 | |
| ManageEngine OpManager MSP | =9.4 | |
| ManageEngine OpManager MSP | =10.0 | |
| ManageEngine OpManager MSP | =10.1 | |
| ManageEngine OpManager MSP | =10.2 | |
| ManageEngine OpManager MSP | =11.0 | |
| ManageEngine OpManager MSP | =11.1 | |
| ManageEngine OpManager MSP | =11.2 | |
| ManageEngine OpManager MSP | =11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-6034?
CVE-2014-6034 is classified as a high severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2014-6034?
To mitigate CVE-2014-6034, users should apply the latest security patches provided by Zoho for the affected ManageEngine products.
Which products are affected by CVE-2014-6034?
CVE-2014-6034 affects ManageEngine OpManager versions 8.8 to 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier.
Can CVE-2014-6034 be exploited by unauthenticated users?
Yes, CVE-2014-6034 can be exploited by remote attackers, including unauthenticated users, to execute arbitrary code.
What type of vulnerability is CVE-2014-6034?
CVE-2014-6034 is a directory traversal vulnerability that allows attackers to write to and execute arbitrary files.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zohocorp
- canonical/manageengine social it plus
- version/manageengine social it plus/11.0
- canonical/manageengine it360
- version/manageengine it360/10.4
- canonical/manageengine opmanager msp
- version/manageengine opmanager msp/8.8
- version/manageengine opmanager msp/9.0
- version/manageengine opmanager msp/9.1
- version/manageengine opmanager msp/9.2
- version/manageengine opmanager msp/9.4
- version/manageengine opmanager msp/10.0
- version/manageengine opmanager msp/10.1
- version/manageengine opmanager msp/10.2
- version/manageengine opmanager msp/11.0
- version/manageengine opmanager msp/11.1
- version/manageengine opmanager msp/11.2
- version/manageengine opmanager msp/11.3