CVE-2019-8394: Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability
First published: Sun Feb 17 2019(Updated: )
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp ManageEngine ServiceDesk Plus | <10.0 | |
| ManageEngine ServiceDesk Plus | ||
| ManageEngine ServiceDesk Plus | <10.0.0 | |
| ManageEngine ServiceDesk Plus | =10.0.0 | |
| ManageEngine ServiceDesk Plus | =10.0.0-10000 | |
| ManageEngine ServiceDesk Plus | =10.0.0-10001 | |
| ManageEngine ServiceDesk Plus | =10.0.0-10002 | |
| ManageEngine ServiceDesk Plus | =10.0.0-10003 | |
| ManageEngine ServiceDesk Plus | =10.0.0-10004 | |
| ManageEngine ServiceDesk Plus | =10.0.0-10005 | |
| ManageEngine ServiceDesk Plus | =10.0.0-10006 | |
| ManageEngine ServiceDesk Plus | =10.0.0-10007 | |
| ManageEngine ServiceDesk Plus | =10.0.0-10008 | |
| ManageEngine ServiceDesk Plus | =10.0.0-10009 | |
| ManageEngine ServiceDesk Plus | =10.0.0-10010 | |
| ManageEngine ServiceDesk Plus | =10.0.0-10011 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for Zoho ManageEngine ServiceDesk Plus file upload vulnerability?
The vulnerability ID for Zoho ManageEngine ServiceDesk Plus file upload vulnerability is CVE-2019-8394.
What is the severity of CVE-2019-8394?
The severity of CVE-2019-8394 is medium, with a severity value of 6.5.
How can remote users exploit CVE-2019-8394?
Remote users can exploit CVE-2019-8394 by uploading files via the login page customization.
Which software is affected by CVE-2019-8394?
Zoho ManageEngine ServiceDesk Plus version up to 10.0 is affected by CVE-2019-8394.
Are there any references for CVE-2019-8394?
Yes, you can find more information about CVE-2019-8394 at the following references: [1] http://www.securityfocus.com/bid/107129, [2] https://www.exploit-db.com/exploits/46413/, [3] https://www.manageengine.com/products/service-desk/readme.html
- agent/type
- agent/description
- agent/title
- agent/weakness
- agent/first-publish-date
- agent/references
- agent/author
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/severity
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- vendor/zohocorp
- canonical/zohocorp manageengine servicedesk plus
- vendor/zoho
- canonical/manageengine servicedesk plus
- version/manageengine servicedesk plus/10.0.0
- version/manageengine servicedesk plus/10.0.0-10000
- version/manageengine servicedesk plus/10.0.0-10001
- version/manageengine servicedesk plus/10.0.0-10002
- version/manageengine servicedesk plus/10.0.0-10003
- version/manageengine servicedesk plus/10.0.0-10004
- version/manageengine servicedesk plus/10.0.0-10005
- version/manageengine servicedesk plus/10.0.0-10006
- version/manageengine servicedesk plus/10.0.0-10007
- version/manageengine servicedesk plus/10.0.0-10008
- version/manageengine servicedesk plus/10.0.0-10009
- version/manageengine servicedesk plus/10.0.0-10010
- version/manageengine servicedesk plus/10.0.0-10011