CVE-2023-39912: Path Traversal
First published: Thu Aug 31 2023(Updated: )
Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <=7202 | ||
| Zohocorp Manageengine Admanager Plus | <=7202 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-39912?
CVE-2023-39912 is a vulnerability in Zoho ManageEngine ADManager Plus through version 7202 that allows admin users to download any file from the server machine via directory traversal.
How can the vulnerability be exploited?
This vulnerability can be exploited by admin users to download any file from the server machine through directory traversal.
What is the severity of CVE-2023-39912?
CVE-2023-39912 has a severity level of medium with a severity value of 4.9.
How do I fix CVE-2023-39912?
The vendor has released a patch to fix this vulnerability. It is recommended to update Zoho ManageEngine ADManager Plus to version 7203 or higher to mitigate the risk.
Where can I find more information about CVE-2023-39912?
More information about CVE-2023-39912 can be found on the official website of Zoho ManageEngine as well as in the provided reference links.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/mitre-cve
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/zohocorp
- canonical/zohocorp manageengine admanager plus
- version/zohocorp manageengine admanager plus/7202