CVE-2018-12999

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.255:*:*:*:*:*:*:*

Information

Published : 2018-06-29 05:29

Updated : 2018-08-20 04:56


NVD link : CVE-2018-12999

Mitre link : CVE-2018-12999


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

zohocorp

  • manageengine_desktop_central