Описание
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
Ссылки
- Issue TrackingThird Party AdvisoryVDB Entry
- Issue TrackingMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party AdvisoryVDB Entry
- Third Party Advisory
- https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.htmlThird Party Advisory
- ExploitThird Party Advisory
- Issue TrackingThird Party AdvisoryVDB Entry
- Issue TrackingMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party AdvisoryVDB Entry
- Third Party Advisory
- https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.htmlThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
Уязвимость компонента DCPluginServelet Servlet программного средства для управления рабочими местами через web-интерфейс ManageEngine Desktop Central и средства удаленного мониторинга и управления настольными ПК, серверами, ноутбуками и мобильными устройствами ManageEngine Endpoint Central MSP (ранее ManageEngine Desktop Central MSP), позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2