CVE-2018-16364

A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.
References
Link Resource
https://blog.jamesotten.com/post/applications-manager-rce/ Exploit Mitigation Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13700:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13710:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13720:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13730:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13750:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13760:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13770:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13780:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7:build13790:*:*:*:*:*:*

Information

Published : 2018-09-26 14:29

Updated : 2020-09-29 12:12


NVD link : CVE-2018-16364

Mitre link : CVE-2018-16364


JSON object : View

CWE
CWE-502

Deserialization of Untrusted Data

Advertisement

dedicated server usa

Products Affected

zohocorp

  • manageengine_applications_manager