CVE-2017-11740

Exploit

EPSS 1.98%
Published 23.05.2019 16:29:08
Last modified 21.11.2024 03:08:24
Source cve@mitre.org
Teams watchlist Login
Open Login

In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Applications Manager Version13.1 Update13100

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.98%	0.829

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://manageengine.com

Vendor Advisory

http://application.com

Not Applicable

https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2017-11740

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-11740

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-11740

EUVD