Lucene search

[email protected]NVD:CVE-2018-11808

HistoryJun 06, 2018 - 3:29 a.m.

CVE-2018-11808

2018-06-0603:29:00

CWE-20

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.1 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.1%

JSON

Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is “NT AUTHORITY / SYSTEM”) by sending a specially crafted request to the server.

Affected configurations

NVD

Node

zohocorpmanageengine_applications_managerMatch13

References

www.securityfocus.com/bid/104467

github.com/kactrosN/publicdisclosures

www.manageengine.com/products/applications_manager/issues.html

www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-11808.html

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.1 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.1%

JSON

Related for NVD:CVE-2018-11808

cvelist1 cve1 prion1