Vulnerabilities > CVE-2018-16364 - Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
zohocorp
CWE-502
critical
NVD
Published: 2018-09-26
Updated: 2018-12-20

Summary

A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.

Vulnerable Configurations

Part Description Count
Application
Zohocorp
106

Common Weakness Enumeration (CWE)

References