CVE-2014-5302

HIGH

ManageEngine ServiceDesk Plus 5-9.0.9030 - Authenticated Path Traversal and Remote Code Execution

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/99611
Permissions Required third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62105
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jan/5
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jan/12
Permissions Required third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62121
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534377/100/0/threaded

Scores

CVSS v3 8.8
EPSS 0.1073
EPSS Percentile 95.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (4)
manageengine/assetexplorer
manageengine/it360
manageengine/servicedesk_plus
manageengine/supportcenter
Published Aug 28, 2017
Tracked Since Feb 18, 2026