ZOHO ManageEngine Desktop Central Access Control Error Vulnerability

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. An access control err...

CVE-2018-12999

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI...

Improper access control

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI...

CVE-2018-12999

CVE-2018-12999 affects Zoho ManageEngine Desktop Central 10.0.255. The issue is an incorrect access control in AgentTrayIconServlet that lets an attacker delete files on the web server without authentication by sending a crafted request containing computerName=../ to the /agenttrayicon URI. This ...