Описание
Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.255:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.09656
Низкий
7.5 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI.
EPSS
Процентиль: 93%
0.09656
Низкий
7.5 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-20