Security Advisory

CVE-2019-19034

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-03-23 16:09:54

Last updated 2024-08-05 02:09:37

Assigner mitre

State PUBLISHED

Description

Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges.

← Browse all CVEs View on cve.org ↗