CVE-2018-11808

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Applications Manager versions prior to 13 build 13740

Description The issue allows an attacker to delete any file and read certain files on the server by sending a specially crafted request. This occurs in the context of the user, which by default is "NT AUTHORITY / SYSTEM".

Recommendations For versions prior to 13 build 13740, update to build 13740 or later to resolve the issue. As a temporary workaround, consider restricting access to the CustomFieldsFeedServlet to minimize the risk of exploitation.