Security Advisory

CVE-2018-12999

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-06-29 12:00:00

Last updated 2024-08-05 08:52:49

Assigner mitre

State PUBLISHED

Description

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI.

← Browse all CVEs View on cve.org ↗