Summary
An attacker can exploit this issue using directory-traversal strings to view files in the context of the web server process.
Impact
Arbitrary file download
Solution
UNFIXED - ManageEngine failed to take action after 105 days.
Affected
NetFlow v8.6 to v9.9
Detection
Send a special crafted HTTP GET request and check the response
Severity
Classification
-
CVE CVE-2014-9373 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities