Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 up to and including 11.3, Social IT Plus 11.0, and IT360 10.4 and previous versions allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zohocorp manageengine social it plus 11.0 |
||
zohocorp manageengine it360 |
||
zohocorp manageengine opmanager 8.8 |
||
zohocorp manageengine opmanager 10.0 |
||
zohocorp manageengine opmanager 10.2 |
||
zohocorp manageengine opmanager 11.1 |
||
zohocorp manageengine opmanager 9.0 |
||
zohocorp manageengine opmanager 9.1 |
||
zohocorp manageengine opmanager 11.2 |
||
zohocorp manageengine opmanager 11.3 |
||
zohocorp manageengine opmanager 10.1 |
||
zohocorp manageengine opmanager 11.0 |
||
zohocorp manageengine opmanager 9.2 |
||
zohocorp manageengine opmanager 9.4 |