PT-2014-7016 · Zoho · Zoho Manageengine Opmanager

Published: 2014-12-04 · Updated: 2015-04-15 · CVE-2014-6035

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: ZOHO ManageEngine OpManager versions 11.4 and earlier

Description: A directory traversal issue exists in the FileCollector servlet, allowing remote attackers to write and execute arbitrary files. This is achieved by using a .. (dot dot) in the FILENAME parameter.

Recommendations: For ZOHO ManageEngine OpManager versions 11.4 and earlier, consider restricting access to the FileCollector servlet until a patch is available. As a temporary workaround, avoid using the FILENAME parameter in the affected API endpoint to minimize the risk of exploitation.

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2014-6035
ZDI-15-142

Affected Products

Zoho Manageengine Opmanager