CVE-2017-11740 — Improper Input Validation in Manageengine Applications Manager

CWE-20 — Improper Input Validation3 documents3 sources

Severity

8.8HIGHNVD

EPSS

1.8%

top 17.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Applications Manager

Timeline

PublishedMay 23

Latest updateMay 24

Description

In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_applications_manager13.1

🔴Vulnerability Details

GHSA

GHSA-8r38-vv5x-w6gc: In Zoho ManageEngine Application Manager 13↗2022-05-24

▶

CVEList

CVE-2017-11740: In Zoho ManageEngine Application Manager 13↗2019-05-23

▶