CVE-2018-11808

Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:zohocorp:manageengine_applications_manager:13:*:*:*:*:*:*:*

Information

Published : 2018-06-05 20:29

Updated : 2018-08-06 18:29


NVD link : CVE-2018-11808

Mitre link : CVE-2018-11808


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

zohocorp

  • manageengine_applications_manager