TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2019-8394

MEDIUMCISA KEV
6.5

Beschreibung

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.

CVE Details

CVSS v3.1 Bewertung6.5
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht2/17/2019
Zuletzt geandert11/7/2025
Quellekev
Honeypot-Sichtungen0

CISA KEV

HerstellerZoho
ProduktManageEngine
SchwachstellennameZoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability
KEV Aufnahmedatum2021-11-03
Behebungsfrist2022-05-03
Ransomware-NutzungUnknown

Betroffene Produkte

zohocorp:manageengine_servicedesk_plus

Schwachen (CWE)

CWE-434CWE-434

Referenzen

http://www.securityfocus.com/bid/107129(cve@mitre.org)
https://www.exploit-db.com/exploits/46413/(cve@mitre.org)
https://www.manageengine.com/products/service-desk/readme.html(cve@mitre.org)
http://www.securityfocus.com/bid/107129(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46413/(af854a3a-2127-422b-91ae-364da2661108)
https://www.manageengine.com/products/service-desk/readme.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8394(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.