CVE-2018-7890 is a vulnerability in Zoho Corp Manageengine Applications Manager

A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.

Products Associated with CVE-2018-7890

Want to know whenever a new CVE is published for Zoho Corp Manageengine Applications Manager? stack.watch will email you.

Exploit Probability

EPSS

86.28%

Percentile

99.39%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-7890 is a vulnerability in Zoho Corp Manageengine Applications ManagerPublished on March 8, 2018

Products Associated with CVE-2018-7890

Exploit Probability

CVE-2018-7890 is a vulnerability in Zoho Corp Manageengine Applications Manager
Published on March 8, 2018