Описание
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
Ссылки
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 15.0 (включая) до 15.5 (исключая)
Одно из
cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:15.5:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:15.5:build15500:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:15.5:build15510:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.27373
Средний
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-427
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
EPSS
Процентиль: 96%
0.27373
Средний
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-427