CVE-2018-12999

🗓️ 29 Jun 2018 12:00:29Reported by [email protected]Type

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
Check Point Advisories	Zoho ManageEngine Desktop Central Arbitrary File Deletion (CVE-2018-12999)	22 Nov 201800:00	–	checkpoint_advisories
Cvelist	CVE-2018-12999	29 Jun 201812:00	–	cvelist
Prion	Improper access control	29 Jun 201812:29	–	prion
CVE	CVE-2018-12999	29 Jun 201812:29	–	cve
Packet Storm	Zoho ManageEngine 13 (13790 build) XSS / File Read / File Deletion	22 Jul 201800:00	–	packetstorm
0day.today	Zoho ManageEngine 13 (13790 build) XSS / File Read / File Deletion Vulnerabilities	23 Jul 201800:00	–	zdt

Nvd

Node

zohocorp manageengine_desktop_centralMatch10.0.255

Source	Link
github	www.github.com/unh3x/just4cve/issues/9
seclists	www.seclists.org/fulldisclosure/2018/Jul/74
cnnvd	www.cnnvd.org.cn/web/xxk/ldxqById.tag
packetstormsecurity	www.packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

29 Jun 2018 12:29Current

7.5High risk

Vulners AI Score7.5

CVSS26.4

CVSS37.5

EPSS0.13884

CWE-20