PT-2014-3575 · Zoho · Zoho Manageengine Opstor

Published: 2014-03-29 · Updated: 2015-07-24 · CVE-2014-0344

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ZOHO ManageEngine OpStor versions prior to build 8500

Description

The issue allows remote authenticated users to obtain Admin access by exploiting a privilege level checking flaw. This is achieved by using the name parameter in conjunction with a true value of the edit parameter in the Properties.do file.

Recommendations

For versions prior to build 8500, update to build 8500 or later to resolve the issue. As a temporary workaround, consider restricting access to the Properties.do file to prevent exploitation. Avoid using the name parameter with a true value of the edit parameter in the Properties.do file until the issue is resolved.

Related Identifiers

CVE-2014-0344

Affected Products

Zoho Manageengine Opstor