Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.)
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-02-25T00:00:00
Updated: 2023-03-14T00:00:00
Reserved: 2023-02-25T00:00:00
Link: CVE-2022-48362
JSON object: View
NVD Information
Status : Modified
Published: 2023-02-25T21:15:10.567
Modified: 2023-03-14T14:15:13.117
Link: CVE-2022-48362
JSON object: View
Redhat Information
No data.
CWE