PT-2018-13519 · Zoho · Zoho Manageengine Applications Manager

James Otten

·

Published

2018-09-26

·

Updated

2020-09-29

·

CVE-2018-16364

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Applications Manager versions prior to build 13740
Description A serialization issue allows for remote code execution on Windows systems via a payload on an SMB share.
Recommendations For versions prior to build 13740, update to build 13740 or later to resolve the issue.

Exploit

Fix

RCE

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2018-16364

Affected Products

Zoho Manageengine Applications Manager