CVE-2014-5302

8.8 HIGH

Published: August 28, 2017 Modified: May 13, 2026

Description

Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html

Source: cve@mitre.org

Exploit Third Party Advisory VDB Entry

http://seclists.org/fulldisclosure/2015/Jan/12

Source: cve@mitre.org

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2015/Jan/5

Source: cve@mitre.org

Exploit Mailing List Third Party Advisory

http://secunia.com/advisories/62105

Source: cve@mitre.org

Permissions Required

http://secunia.com/advisories/62121

Source: cve@mitre.org

Permissions Required

http://www.securityfocus.com/archive/1/534377/100/0/threaded

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/99611

Source: cve@mitre.org

http://packetstormsecurity.com/files/129806/ManageEngine-Shell-Upload-Directory-Traversal.html