PT-2014-8967 · Manageengine · Manageengine Desktop Central

Andrea Micalizzi

Publicado

2014-12-11

Atualizado

2015-03-07

CVE-2014-9371

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ManageEngine Desktop Central MSP versions prior to 90075

Description The issue allows remote attackers to execute arbitrary code via a crafted JSON object. This is related to the NativeAppServlet in ManageEngine Desktop Central MSP.

Recommendations For versions prior to 90075, update to version 90075 or later to resolve the issue. As a temporary workaround, consider restricting access to the NativeAppServlet to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2014-9371

ZDI-14-420

Produtos afetados

Manageengine Desktop Central

PT-2014-8967 · Manageengine · Manageengine Desktop Central

CVE-2014-9371

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3