ManageEngine arbitrary topcentral Arbitrary File Upload Vulnerability (CVE-2014-5007)
Release date:
Updated on: 2014-09-03
Affected Systems:
ManageEngine implements topcentral 8-9 build 90054
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69491
CVE (CAN) ID: CVE-2014-5007
ManageEngine is an enterprise-level IT management software, including network management, server, desktop and application management.
ManageEngine Desktop Central 9 build 90055 has the Arbitrary File Upload Vulnerability. Attackers can exploit this vulnerability to upload arbitrary code and run it in the context of Web server processes.
<* Source: Pedro Ribeiro
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
ManageEngine
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.manageengine.com/products/desktop-central/
This article permanently updates the link address: