PT-2015-3934 · Zoho · Opmanager+2

Published 2015-04-29 · Updated 2020-02-13 · CVE-2014-7863

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ManageEngine Applications Manager versions prior to 11.9 build 11912
OpManager versions 8 through 11.5 build 11400
IT360 versions 10.5 and earlier

Description

The issue allows remote attackers and remote authenticated users to read arbitrary files or obtain sensitive information. This can be achieved via the fileName parameter in a copyfile operation or through a directory listing in a listdirectory operation to the servlet/FailOverHelperServlet.

Recommendations

For ManageEngine Applications Manager versions prior to 11.9 build 11912, update to version 11.9 build 11912 or later. For OpManager versions 8 through 11.5 build 11400, update to a version later than 11.5 build 11400. For IT360 versions 10.5 and earlier, update to a version later than 10.5. As a temporary workaround, consider restricting access to the FailOverHelperServlet to minimize the risk of exploitation.
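To check whether the servlet is still reachable after applying the workaround, web access logs can be searched for requests to it. The following is an added example, not part of the original advisory or of any vendor tooling. It assumes common/combined log format, and the sample lines, the OPPARAM parameter name and the file name are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

SERVLET = "servlet/failoverhelperservlet"   # servlet named in the advisory
OPERATIONS = ("copyfile", "listdirectory")  # operations named in the advisory
# Client, method, request target and status from a common/combined log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

def scan(lines):
    """Return one finding per logged request that reaches the servlet."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        url = urlsplit(target)
        if SERVLET not in unquote(url.path).lower():
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        # The page does not name the parameter that carries the operation,
        # so look for the operation keywords among all parameter values.
        values = {v.lower() for vs in params.values() for v in vs}
        operation = next((o for o in OPERATIONS if o in values), None)
        file_name = next((vs[0] for k, vs in params.items()
                          if k.lower() == "filename"), None)
        # Body parameters are not in access logs, so every hit is reported
        # even when no operation is visible.
        findings.append({"client": client, "method": method,
                         "status": int(status), "operation": operation,
                         "fileName": file_name})
    return findings

# Constructed sample lines: documentation addresses, placeholder parameter
# name OPPARAM and placeholder file name.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/May/2015:10:00:01 +0000] "GET /servlet/FailOverHelperServlet?OPPARAM=listdirectory HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/May/2015:10:00:05 +0000] "POST /servlet/FailOverHelperServlet?OPPARAM=copyfile&fileName=EXAMPLE.conf HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/May/2015:10:02:11 +0000] "POST /servlet/FailOverHelperServlet HTTP/1.1" 403 0',
    '192.0.2.44 - - [01/May/2015:10:03:00 +0000] "GET /index.jsp HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 2xx status on any finding from an untrusted client address means the access restriction is not in effect for that path.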

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2014-7863
ZDI-15-162

Affected Products

It360
Zoho Manageengine Applications Manager
Opmanager