PT-2018-6533 · Zoho · Zoho Manageengine Admanager Plus

Douglas Weir

Publicado

2018-02-07

Atualizado

2025-10-24

CVE-2017-17552

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine AD Manager Plus versions 6590 through 6613

Description: The issue allows attackers to conduct URL redirection attacks via the src parameter, potentially bypassing CSRF protection or masquerading a malicious URL as trusted. This is related to the /LoadFrame endpoint.

Recommendations: For versions 6590 through 6613, as a temporary workaround, consider restricting access to the /LoadFrame endpoint to minimize the risk of exploitation. Avoid using the src parameter in the affected endpoint until the issue is resolved.

Exploit

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2017-17552

Produtos afetados

Zoho Manageengine Admanager Plus

PT-2018-6533 · Zoho · Zoho Manageengine Admanager Plus

CVE-2017-17552

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5