9.8
CVE-2014-7862
- EPSS 81.05%
- Veröffentlicht 04.01.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 02:18:09
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zohocorp ≫ Desktop Central SwEditionmanaged_service_providers Version < 90109
Zohocorp ≫ Desktop Central Version >= 7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 81.05% | 0.996 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html
http://seclists.org/fulldisclosure/2015/Jan/2
http://www.securityfocus.com/archive/1/534356/100/0/threaded
http://www.securityfocus.com/bid/71849
https://exchange.xforce.ibmcloud.com/vulnerabilities/99595
https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt
https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html
https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin