Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZOHO ManageEngine Applications Manager、OpManager和IT360 信息泄露漏洞
Vulnerability Description
ZOHO ManageEngine Applications Manager是美国卓豪(ZOHO)公司的一套IT运维管理解决方案。该产品具有应用性能管理、故障管理、报表生成和SLA管理等功能。 ZOHO ManageEngine Applications Manager 11.9 build 11912及之前版本、OpManager 8版本至11.5 build 11400版本和IT360 10.5及之前版本中的FailOverHelperServlet程序存在信息泄露漏洞。远程攻击者可借助‘fileNa
CVSS Information
N/A
Vulnerability Type
N/A