Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-6034

CWE: CWE-22 (Path Traversal)
5 documents, 4 sources
Severity: 5.0 MEDIUM
EPSS: 86.6% (top 0.58%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Dec 4
Latest update: May 17

Description

Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 3 packages

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-4jr7-wrr7-7q7v: Directory traversal vulnerability in the com (2022-05-17)
CVEList: CVE-2014-6034: Directory traversal vulnerability in the com (2014-12-04)

💥 Exploits & PoCs (2)

Exploit-DB: ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities (2014-11-09)
Exploit-DB: ManageEngine OpManager / Social IT - Arbitrary File Upload (Metasploit) (2014-10-02)