Multiple ManageEngine Products Arbitrary File Upload Vulnerability Network Vulnerability

Summary

Multiple ManageEngine Products are prone to an arbitrary-file-upload vulnerability.

Impact

An attacker may leverage this issue to upload arbitrary files to the affected computer this can result in arbitrary code execution within the context of the vulnerable application.

Solution

Ask the vendor for an update

Affected

ManageEngine DesktopCentral versions 7 through 9 build 90054 ManageEngine DesktopCentral MSP

Detection

Check if it is possible to upload a file.

References

http://www.securityfocus.com/bid/69494

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-5005, CVE-2014-5006

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Admbook PHP Code Injection Flaw
Apache Struts2 Redirection and Security Bypass Vulnerabilities
Advantech WebAccess Multiple Vulnerabilities
AproxEngine Multiple Remote Input Validation Vulnerabilities
Avenger's News System Command Execution

Take action and discover your vulnerabilities