Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZOHO ManageEngine Asset Explor 操作系统命令注入漏洞
Vulnerability Description
ZOHO ManageEngine AssetExplorer是美国卓豪(ZOHO)公司的一套资产管理软件。该软件提供资产跟踪、IT资产的扫描和资产所有权的跟踪等功能。 ZOHO ManageEngine Asset Explorer 6.5版本中存在操作系统命令注入漏洞,该漏洞源于在动态生成命令来安排扫描SCCM时,程序未验证System Center Configuration Manager(SCCM)数据库用户名。攻击者可利用该漏洞在AssetExplorer服务器上以NT AUTHORITY/S
CVSS Information
N/A
Vulnerability Type
N/A