CVE-2018-11808
CVE-2018-11808 is a vulnerability of currently unknown severity. Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server. EPSS estimates a 6.42% chance of exploitation in the next 30 days.
Description
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Manageengine Applications Manager | 13 |
References
- http://www.securityfocus.com/bid/104467 (Third Party Advisory, VDB Entry)
- https://github.com/kactrosN/publicdisclosures (Third Party Advisory)
- https://www.manageengine.com/products/applications_manager/issues.html (Release Notes, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
