Unrated severityNVD Advisory· Published Dec 4, 2014· Updated May 6, 2026

CVE-2014-6036

Description

Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter.

Affected products

Zohocorp/Manageengine It3602 versions
cpe:2.3:a:zohocorp:manageengine_it360:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:zohocorp:manageengine_it360:*:*:*:*:*:*:*:*range: <=10.4
- cpe:2.3:a:zohocorp:manageengine_it360:10.3.0:*:*:*:*:*:*:*
Zohocorp/Manageengine Opmanager
cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
Range: <=11.3
Zohocorp/Manageengine Social It Plus
cpe:2.3:a:zohocorp:manageengine_social_it_plus:11.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.029
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000