CVE-2018-11808
Summary
| CVE | CVE-2018-11808 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-06-06 03:29:00 UTC |
| Updated | 2018-08-07 01:29:00 UTC |
| Description | Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Zohocorp | Manageengine Applications Manager | 13 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.manageengine.com/products/applications_manager/issues.html | MISC | www.manageengine.com | Release Notes, Vendor Advisory |
| Security Updates - CVE Details \| ManageEngine Applications Manager | CONFIRM | www.manageengine.com | |
| Zoho ManageEngine Applications Manager CVE-2018-11808 Access Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| GitHub - kactrosN/publicdisclosures: publicdisclosures | MISC | github.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.