|
|
|||
| Rule General Information |
|---|
| Release Date: | 2018-12-04 | |
| Rule Name: | Zoho ManageEngine OpManager Business View Background Image Arbitrary File Upload Vulnerability(CVE-2018-18475) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded background images in Business view. | |
| Impact: | A remote, authenticated attacker could exploit this vulnerability by sending a crafted file upload request to the target server. Successful exploitation could result in unrestricted file upload and possible further attacks like persistent XSS. | |
| Affected OS: | Network Device, Solaris, FreeBSD, Windows, Mac OS, iOS, Other Unix, Linux, Others, Android | |
| Reference: | http://packetstormsecurity.com/files/149878/Zoho-ManageEngine-OpManager-12.3-Arbitrary-File-Upload.html http://seclists.org/fulldisclosure/2018/Oct/42 https://vuldb.com/?id.125901 |
|
| Solutions |
|---|
| Upgrading to version 12.3 Build 123214 eliminates this vulnerability. |