Unrated severityNVD Advisory· Published Dec 10, 2014· Updated May 6, 2026

CVE-2014-7866

Description

Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet.

Affected products

Zohocorp/Manageengine It3602 versions
cpe:2.3:a:zohocorp:manageengine_it360:10.3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:zohocorp:manageengine_it360:10.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_it360:10.4:*:*:*:*:*:*:*
Zohocorp/Manageengine Opmanager13 versions
cpe:2.3:a:zohocorp:manageengine_opmanager:10.0:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:zohocorp:manageengine_opmanager:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:10.2:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:11.2:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:11.4:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:8.8:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_opmanager:9.4:*:*:*:*:*:*:*
Zohocorp/Manageengine Social It Plus
cpe:2.3:a:zohocorp:manageengine_social_it_plus:11.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.066
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000