CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-100002

Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.77

EPSS Ranking 98.9%

CVSS Severity

CVSS v2 Score 5.0

References

http://osvdb.org/show/osvdb/102656
http://www.exploit-db.com/exploits/31262
https://exchange.xforce.ibmcloud.com/vulnerabilities/90806
https://supportcenter.wiki.zoho.com/ReadMe-V2.html
http://osvdb.org/show/osvdb/102656
http://www.exploit-db.com/exploits/31262
https://exchange.xforce.ibmcloud.com/vulnerabilities/90806
https://supportcenter.wiki.zoho.com/ReadMe-V2.html

Products affected by CVE-2014-100002

Zohocorp » Manageengine Supportcenter Plus » Version: Any

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-100002

Products

Pricing

Contact Us