First published: Thu Mar 19 2020(Updated: )
Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp Manageengine Remote Access Plus | =10.0.258 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-11361 is high with a severity score of 8.8.
CVE-2019-11361 affects Zoho ManageEngine Remote Access Plus version 10.0.258 by not properly validating user permissions, leading to privilege escalation and a potential full application takeover.
Privilege escalation can occur in Zoho ManageEngine Remote Access Plus due to CVE-2019-11361 because the vulnerability allows an attacker to elevate their privileges and gain unauthorized access to sensitive resources.
Yes, a fix is available for CVE-2019-11361 in Zoho ManageEngine Remote Access Plus. It is recommended to update to a version that properly validates user permissions.
More information about CVE-2019-11361 in Zoho ManageEngine Remote Access Plus can be found at the following link: [https://www.manageengine.com/remote-desktop-management/knowledge-base/elevation-of-privilege.html]