CVE-2023-39912

CWE-22 Path Traversal | 3 documents | 3 sources
Severity
4.9 MEDIUM
EPSS
1.0%
top 22.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 31
Latest update: Sep 1

Description

Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA
GHSA-8289-x38r-723c: Zoho ManageEngine ADManager Plus through 7202 allows admin users to download any file from the server machine via directory traversal (2023-09-01)
CVEList
CVE-2023-39912: Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed (2023-08-31)