CVE-2014-0344

Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.
References
Link Resource
http://www.kb.cert.org/vuls/id/140886 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/66499
http://www.kb.cert.org/vuls/id/140886 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/66499
Configurations

Configuration 1 (hide)

cpe:2.3:a:zohocorp:manageengine_opstor:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:01

Type Values Removed Values Added
References () http://www.kb.cert.org/vuls/id/140886 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/140886 - Third Party Advisory, US Government Resource
References () http://www.securityfocus.com/bid/66499 - () http://www.securityfocus.com/bid/66499 -

Information

Published : 2014-03-29 20:55

Updated : 2024-11-21 02:01


NVD link : CVE-2014-0344

Mitre link : CVE-2014-0344

CVE.ORG link : CVE-2014-0344


JSON object : View

Products Affected

zohocorp

  • manageengine_opstor
CWE
CWE-264

Permissions, Privileges, and Access Controls