First published: Tue May 24 2022(Updated: )
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
Credit: help@fluidattacks.com help@fluidattacks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp ManageEngine Applications Manager | >=15.0<15.5 | |
Zohocorp ManageEngine Applications Manager | =15.5 | |
Zohocorp ManageEngine Applications Manager | =15.5-build15500 | |
Zohocorp ManageEngine Applications Manager | =15.5-build15510 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this issue is CVE-2022-23050.
The affected software is Zohocorp Manageengine Applications Manager.
CVE-2022-23050 has a severity rating of 7.2 (high).
An attacker can exploit this vulnerability by uploading a DLL file to perform a DLL hijack attack.
Yes, security updates for CVE-2022-23050 are available. Please refer to the ManageEngine website for more information.