CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-5007

Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.484

EPSS Ranking 97.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

Products affected by CVE-2014-5007

Zohocorp » Manageengine Desktop Central » Version: 7.0

cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0
Zohocorp » Manageengine Desktop Central » Version: 7.0.0

cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0.0
Zohocorp » Manageengine Desktop Central » Version: 7.0.1

cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0.1
Zohocorp » Manageengine Desktop Central » Version: 8.0.0

cpe:2.3:a:zohocorp:manageengine_desktop_central:8.0.0
Zohocorp » Manageengine Desktop Central » Version: 9.0

cpe:2.3:a:zohocorp:manageengine_desktop_central:9.0
Zohocorp » Manageengine Desktop Central Managed Service Providers » Version: 7.0

cpe:2.3:a:zohocorp:manageengine_desktop_central_managed_service_providers:7.0
Zohocorp » Manageengine Desktop Central Managed Service Providers » Version: 9.0

cpe:2.3:a:zohocorp:manageengine_desktop_central_managed_service_providers:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-5007

Products

Pricing

Contact Us