Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-11717

EPSS 9.17% · P93
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-11717

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the EAS account (an AD account used to send mail), the cleartext password of recovery_password of Android devices, the cleartext password of account "set", the location of devices enrolled in the platform (with UUID and information related to the name of the person at the location), critical information about all enrolled devices such as Serial Number, UUID, Model, Name, and auth_session_token (usable to spoof a terminal identity on the platform), etc.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
ZOHO ManageEngine Desktop Central 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ZOHO ManageEngine Desktop Central(DC)是美国卓豪(ZOHO)公司的一套桌面管理解决方案。该方案包含软件分发、补丁管理、系统配置、远程控制等功能模块,可对桌面机以及服务器管理的整个生命周期提供支持。 ZOHO ManageEngine DC 100251之前版本中存在安全漏洞。攻击者可借助日志文件的访问权限利用该漏洞获取AD账户的Base64编码的用户名/密码,EAS账户的邮件设备及明文密码/用户名,Android设备的recovery_password的明文密码,‘se
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2018-11717

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2018-11717

登录查看更多情报信息。

Same Patch Batch · n/a · 2018-07-16 · 28 CVEs total

CVE-2018-13981Zeta Producer Desktop CMS 安全漏洞
CVE-2018-13832WordPress Techotronic all-in-one-favicon插件跨站脚本漏洞
CVE-2018-12584reSIProcate 安全漏洞
CVE-2018-14324Oracle GlassFish Open Source Edition 安全漏洞
CVE-2018-0385Cisco Firepower System Software检测引擎安全漏洞
CVE-2018-0384Cisco FireSIGHT System Software检测引擎安全漏洞
CVE-2018-0383Cisco FireSIGHT System Software检测引擎安全漏洞
CVE-2018-0370Cisco Firepower System Software检测引擎资源管理错误漏洞
CVE-2018-0369多款Cisco产品Cisco StarOS 输入验证漏洞
CVE-2018-0368Cisco Digital Network Architecture Center 信息泄露漏洞
CVE-2018-0366Cisco Web Security Appliance 跨站脚本漏洞
CVE-2018-0361ClamAV 安全漏洞
CVE-2018-0360ClamAV 数字错误漏洞
CVE-2018-0341Cisco IP Phone 6800、7800和8800系列命令注入漏洞
CVE-2018-14325MP4v2 数字错误漏洞
CVE-2018-13980Zeta Producer Desktop CMS 路径遍历漏洞
CVE-2018-11716ZOHO ManageEngine Desktop Central 安全漏洞
CVE-2014-2079X File Explorer 安全漏洞
CVE-2013-0522IBM Notes for Windows 安全漏洞
CVE-2018-14071WordPress Geo Mashup插件输入验证漏洞

Showing top 20 of 28 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2018-11717

No comments yet

Leave a comment