CVE-2014-9372 — Path Traversal in Password Manager PRO

CWE-22 — Path Traversal3 documents3 sources

Severity

6.4MEDIUMNVD

EPSS

1.6%

top 17.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Password Manager PRO

Timeline

PublishedDec 16

Latest updateMay 17

Description

Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDmanageengine/password_manager_pro7.1

🔴Vulnerability Details

GHSA

GHSA-c4vr-q6g4-rm93: Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attacker↗2022-05-17

▶

CVEList

CVE-2014-9372: Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attacker↗2014-12-16

▶