Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZOHO ManageEngine Applications Manager 安全漏洞
Vulnerability Description
ZOHO ManageEngine Applications Manager是美国卓豪(ZOHO)公司的一套IT运维管理解决方案。该产品具有应用性能管理、故障管理、报表生成和SLA管理等功能。 ZOHO ManageEngine Applications Manager 13(13740 build)之前版本中的CustomFieldsFeedServlet存在安全漏洞,该漏洞源于程序没有正确控制访问权限。攻击者可通过向服务器发送特制的请求利用该漏洞删除服务器上的任意文件并读取文件。
CVSS Information
N/A
Vulnerability Type
N/A