CVE-2017-17552

Опубликовано: 07 фев. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted.

Ссылки

https://umbrielsecurity.wordpress.com/2018/01/31/dangerous-url-redirection-and-csrf-in-zoho-manageengine-ad-manager-plus-cve-2017-17552/
Exploit
Mitigation
Third Party Advisory
https://umbrielsecurity.wordpress.com/2018/01/31/dangerous-url-redirection-and-csrf-in-zoho-manageengine-ad-manager-plus-cve-2017-17552/
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*

Версия до 6.6 (исключая)

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.6:6601:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.6:6602:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.6:6610:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.6:6611:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.6:6612:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.6:6613:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00332

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-p5jc-xg44-9www