Описание
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution.
Ссылки
- Vendor Advisory
- Release NotesVendor Advisory
- Vendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 12.1.4 (исключая)
Одно из
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.4:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.4:12141:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.4:12145:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.4:12146:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.24132
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution.
EPSS
Процентиль: 96%
0.24132
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22