PT-2019-7902 · Zoho · Zoho Manageengine Applications Manager
Published: 2019-05-23 · Updated: 2019-05-23
CVE-2017-11740
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine Application Manager version 13.1 Build 13100
Description
The issue allows an administrative user to upload files or binaries that can be executed when an alarm occurs. An attacker can exploit this functionality by uploading a malicious script, which can then be executed on the remote system.
Recommendations
For Zoho ManageEngine Application Manager version 13.1 Build 13100, consider restricting the upload functionality for administrative users to prevent the execution of malicious scripts until a fix is available. As a temporary workaround, limit the types of files that can be uploaded to prevent executable binaries from being uploaded.
Exploit
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Zoho Manageengine Applications Manager