Unrestricted file upload in Zoho ManageEngine OpManager - CVE-2018-18475
Published: October 20, 2018
Vulnerability identifier: #VU15450
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-18475
CWE-ID: CWE-434
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Zoho Corporation
Affected software:
Zoho ManageEngine OpManager
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code with elevated privileges.
The weakness exists due to unrestricted upload of a file with a dangerous type. A remote attacker can upload a specially crafted file, trigger an unspecified flaw and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2018-18475
Update to version 12.3.123214.