| Rule General Information | |
|---|---|
| Release Date: | 2018-12-04 |
| Rule Name: | Zoho ManageEngine OpManager Business View Background Image Arbitrary File Upload Vulnerability (CVE-2018-18475) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded background images in Business view. |
| Impact: | A remote, authenticated attacker could exploit this vulnerability by sending a crafted file upload request to the target server. Successful exploitation could result in unrestricted file upload and possible further attacks like persistent XSS. |
| Affected OS: | Network Device, Solaris, FreeBSD, Windows, Mac OS, iOS, Other Unix, Linux, Others, Android |
| Reference: | http://packetstormsecurity.com/files/149878/Zoho-ManageEngine-OpManager-12.3-Arbitrary-File-Upload.html http://seclists.org/fulldisclosure/2018/Oct/42 https://vuldb.com/?id.125901 |

| Solutions |
|---|
| Upgrading to version 12.3 Build 123214 eliminates this vulnerability. |