Описание
In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system.
Ссылки
- Not Applicable
- Vendor Advisory
- ExploitThird Party Advisory
- Not Applicable
- Vendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.1:13100:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01835
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system.
EPSS
Процентиль: 83%
0.01835
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-20