PT-2018-16905 · Zoho · Zoho Manageengine Desktop Central

Publicado

2018-04-18

Atualizado

2019-03-05

CVE-2018-5337

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Desktop Central versions 10.0.124 through 10.0.184

Description An issue was discovered in the software, allowing directory traversal in the SCRIPT NAME field when modifying existing scripts.

Recommendations For versions 10.0.124 through 10.0.184, consider restricting access to the script modification functionality until a fix is available. As a temporary workaround, avoid using the SCRIPT NAME field when modifying existing scripts to minimize the risk of exploitation.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2018-5337

Produtos afetados

Zoho Manageengine Desktop Central

PT-2018-16905 · Zoho · Zoho Manageengine Desktop Central

CVE-2018-5337

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4