CVE-2014-5445

CVE Database · CVE-2014-5445

CVE-2014-5445

· N/AModified

CVSS v3.1

N/A

EPSS

98.17%

Published

Dec 4, 2014

Modified

May 6, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBManageEngine Netflow Analyzer / IT360 - Arbitrary File Download TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.

Weaknesses (CWE)

CWE-22

Affected Products (2)

zohocorp · manageengine_it360vulnerable

zohocorp · manageengine_netflow_analyzervulnerable

References (18)

http://packetstormsecurity.com/files/129336/ManageEngine-Netflow-Analyzer-IT360-File-Download.html

ExploitPatchThird Party Advisory

http://seclists.org/fulldisclosure/2014/Dec/9

ExploitMailing ListThird Party Advisory

http://www.securityfocus.com/archive/1/534122/100/0/threaded

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/534141/100/0/threaded

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/71404

Exploit

KEV Catalog EPSS Scores Vendors All CVEs