CVE-2019-12876

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

7.3HIGH

EPSS

0.1%

top 72.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Admanager Plus Zohocorp Manageengine Adselfservice Plus Zohocorp Manageengine Desktop Central

Timeline

PublishedJul 17

Latest updateMay 24

Description

Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages3 packages

▶NVDzohocorp/manageengine_admanager_plus6.6.5

▶NVDzohocorp/manageengine_adselfservice_plus5.7

▶NVDzohocorp/manageengine_desktop_central10.0.380

🔴Vulnerability Details

GHSA

GHSA-38rv-3hxq-v5g9: Zoho ManageEngine ADManager Plus 6↗2022-05-24

▶

CVEList

CVE-2019-12876: Zoho ManageEngine ADManager Plus 6↗2019-07-17

▶