CVE-2014-0344

Published: Mar 29, 2014Modified: May 6, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.

Affected (1)

Products: Zohocorp: Manageengine Opstor

Zohocorp

1 product

Manageengine Opstor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Opstor	Up to 8.3

Related CWEs

CWE-264

References (4)

http://www.kb.cert.org/vuls/id/140886

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/66499

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/140886

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/66499

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.