VYPR
Unrated severityNVD Advisory· Published Dec 4, 2014· Updated Jun 17, 2026

CVE-2014-5446

CVE-2014-5446

Description

Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

16
  • cpe:2.3:a:zohocorp:manageengine_it360:10.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:10.0:beta:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:10.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.5:*:*:*:*:*:*:*
    • cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.6:*:*:*:*:*:*:*
    • cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.7:*:*:*:*:*:*:*
    • cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8:*:*:*:*:*:*:*
    • cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.9:*:*:*:*:*:*:*
  • Zoho/IT360llm-fuzzy
    Range: =10.3

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.