First published: Thu May 23 2019
In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp ManageEngine Applications Manager | =13.1-13100 | |
CVE-2017-11740 is a vulnerability in Zoho ManageEngine Application Manager 13.1 Build 13100 that allows an attacker to upload and execute malicious scripts on the remote system.
CVE-2017-11740 has a severity rating of 8.8, which is considered high.
CVE-2017-11740 affects Zoho ManageEngine Application Manager 13.1 Build 13100, allowing an attacker to upload and execute malicious scripts.
The Common Weakness Enumeration (CWE) for CVE-2017-11740 is CWE-20.
It is recommended to update Zoho ManageEngine Application Manager to a version that is not affected by this vulnerability.