PT-2018-13519 · Zoho · Zoho Manageengine Applications Manager

James Otten

·

Publicado

2018-09-26

·

Atualizado

2020-09-29

·

CVE-2018-16364

CVSS v2.0

9.3

Alta

VetorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Applications Manager versions prior to build 13740
Description A serialization issue allows for remote code execution on Windows systems via a payload on an SMB share.
Recommendations For versions prior to build 13740, update to build 13740 or later to resolve the issue.

Exploit

Correção

RCE

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502

Identificadores relacionados

CVE-2018-16364

Produtos afetados

Zoho Manageengine Applications Manager