CVE-2014-9372

Name of the Vulnerable Software and Affected Versions ManageEngine Password Manager Pro versions prior to 7103

Description The issue is related to a directory traversal vulnerability in the UploadAccountActivities servlet. This allows remote attackers to delete arbitrary files by including a .. (dot dot) in a filename. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For versions prior to 7103, update to version 7103 or later to resolve the issue. As a temporary workaround, consider restricting access to the UploadAccountActivities servlet to minimize the risk of exploitation. Avoid using filenames that include a .. (dot dot) in the affected servlet until the issue is resolved.