CVE-2018-12999 - CERT CVE
ID CVE-2018-12999
Sažetak Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI.
Reference
CVSS
Base: 6.4
Impact: 4.9
Exploitability:10.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE PARTIAL PARTIAL
CVSS vektor AV:N/AC:L/Au:N/C:N/I:P/A:P
Zadnje važnije ažuriranje 20-08-2018 - 11:56
Objavljeno 29-06-2018 - 12:29