PT-2020-9193 · Zoho · Zoho Manageengine Remote Access Plus

Pedro Afonso Guerreiro

Published

2020-03-19

Updated

2020-08-24

CVE-2019-11361

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Remote Access Plus version 10.0.258

Description The issue allows for privilege escalation due to improper validation of user permissions, potentially leading to a full application takeover.

Recommendations For Zoho ManageEngine Remote Access Plus version 10.0.258, update to a version that properly validates user permissions to prevent privilege escalation and application takeover. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2019-11361

Affected Products

Zoho Manageengine Remote Access Plus

PT-2020-9193 · Zoho · Zoho Manageengine Remote Access Plus

CVE-2019-11361

Weakness Enumeration

Related Identifiers

Affected Products

References · 4