CVE-2017-11740

Exploit

EPSS 1.98%
Veröffentlicht 23.05.2019 16:29:08
Zuletzt bearbeitet 21.11.2024 03:08:24
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Applications Manager Version13.1 Update13100

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.98%	0.829

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://manageengine.com

Vendor Advisory

http://application.com

Not Applicable

https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2017-11740

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-11740

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-11740

EUVD