CVE-2014-3806

Name of the Vulnerable Software and Affected Versions VMTurbo Operations Manager versions prior to 4.6

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the xml path parameter of the cgi-bin/help/doIt.cgi endpoint.

Recommendations For versions prior to 4.6, update to version 4.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgi-bin/help/doIt.cgi endpoint until a patch is available. Avoid using the xml path parameter with untrusted input in the affected endpoint until the issue is resolved.