Schedule demo
 
 

CVE-2018-11808

Incorrect Access Control in CustomFieldsFeedServlet


Vulnerability Details
Impact CVSS V3 rating: 10.0 (Critical)
Reported 24 March 2018
Fixed 25 May 2018
Affected Builds Till Build 13730
Fixed in Build 13740
Overview Incorrect Access Control in CustomFieldsFeedServlet.
Recommended Fix Upgrade to Applications Manager Version 13740 and above

Description

Incorrect Access Control in CustomFieldsFeedServlet in ManageEngine Applications Manager Versions before 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server.

We recommend that you upgrade to Applications Manager Version 13740 to fix this issue.


Source and Acknowledgements

Find out more about CVE-2018-11808 from the CVE dictionary and NIST NVD.

Other Resources: https://github.com/kactrosN/publicdisclosures

Need Help?

For clarification or corrections please contact our support team or email us at appmanager-support@manageengine.com

You're in great company