CVE-2015-8249

Name: CVE-2015-8249
Creator: NVD / NIST
Published: 2017-09-28T01:29:00.777+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 73.60%

Last modified Jun 17, 2026

CVE-2015-8249 is a vulnerability of currently unknown severity. The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.. EPSS estimates a 73.60% chance of exploitation in the next 30 days.

Description

The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.

Metrics

EPSS Probability

73.60%

99.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-434

Affected Software

Vendor	Product	Versions
Manageengine	Desktop Central	9.0

References

http://packetstormsecurity.com/files/134806/ManageEngine-Desktop-Central-9-FileUploadServlet-ConnectionId.htmlExploit, Third Party Advisory, VDB Entry
http://www.rapid7.com/db/modules/exploit/windows/http/manageengine_connectionid_writeThird Party Advisory
https://community.rapid7.com/community/infosec/blog/2015/12/14/r7-2015-22-manageengine-desktop-central-9-fileuploadservlet-connectionid-vulnerability-cve-2015-8249Exploit, Patch, Technical Description, Third Party Advisory
https://www.exploit-db.com/exploits/38982/Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/134806/ManageEngine-Desktop-Central-9-FileUploadServlet-ConnectionId.htmlExploit, Third Party Advisory, VDB Entry
http://www.rapid7.com/db/modules/exploit/windows/http/manageengine_connectionid_writeThird Party Advisory
https://community.rapid7.com/community/infosec/blog/2015/12/14/r7-2015-22-manageengine-desktop-central-9-fileuploadservlet-connectionid-vulnerability-cve-2015-8249Exploit, Patch, Technical Description, Third Party Advisory
https://www.exploit-db.com/exploits/38982/Exploit, Third Party Advisory, VDB Entry

Timeline

Published: Sep 28, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-8249?

The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.

How severe is CVE-2015-8249?

Severity scoring for CVE-2015-8249 is pending analysis. The EPSS model estimates a 73.60% probability of exploitation in the next 30 days.

How do I fix CVE-2015-8249?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-8249?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST