PT-2018-16905 · Zoho · Zoho Manageengine Desktop Central
Published
2018-04-18
·
Updated
2019-03-05
·
CVE-2018-5337
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine Desktop Central versions 10.0.124 through 10.0.184
Description
An issue was discovered in the software, allowing directory traversal in the
SCRIPT NAME field when modifying existing scripts.Recommendations
For versions 10.0.124 through 10.0.184, consider restricting access to the script modification functionality until a fix is available.
As a temporary workaround, avoid using the
SCRIPT NAME field when modifying existing scripts to minimize the risk of exploitation.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zoho Manageengine Desktop Central