// For flags

CVE-2014-100002

ManageEngine Support Center Plus 7916 - Directory Traversal

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.

Vulnerabilidad de salto de directorio en ManageEngine SupportCenter Plus 7.9 anterior a 7917 permite a atacantes remotos leer ficheros arbitrarios a través de un ..%2f (punto punto barra codificada) en el parámetro attach en WorkOrder.do en el adjunto de fichero para un ticket nuevo.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-01-29 First Exploit
  • 2015-01-13 CVE Reserved
  • 2015-01-13 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-25 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Zohocorp
Search vendor "Zohocorp"
Manageengine Supportcenter Plus
Search vendor "Zohocorp" for product "Manageengine Supportcenter Plus"
<= 7.9
Search vendor "Zohocorp" for product "Manageengine Supportcenter Plus" and version " <= 7.9"
7916
Affected