CVE-2014-100002 in SupportCenter Plusinfo

Summary

Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

01/13/2015

Disclosure

01/13/2015

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-22 (Confirmed)

Exploit

Download

CVSS

5.3

EPSS

0.78866

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-100002
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-100002
CVE Details	https://www.cvedetails.com/cve/CVE-2014-100002/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!