CVE-2018-16364 | SynScan

Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2018-16364

A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.

Published: Sep 26, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-16364
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_applications_manager	13.7-build13700	13.7-build13700.x
zohocorp / manageengine_applications_manager	13.7-build13710	13.7-build13710.x
zohocorp / manageengine_applications_manager	13.7-build13720	13.7-build13720.x
zohocorp / manageengine_applications_manager	13.7-build13730	13.7-build13730.x
zohocorp / manageengine_applications_manager	13.7-build13750	13.7-build13750.x
zohocorp / manageengine_applications_manager	13.7-build13760	13.7-build13760.x
zohocorp / manageengine_applications_manager	13.7-build13770	13.7-build13770.x
zohocorp / manageengine_applications_manager	13.7-build13780	13.7-build13780.x
zohocorp / manageengine_applications_manager	13.7-build13790	13.7-build13790.x
zohocorp / manageengine_applications_manager	13.7	13.7.x

https://blog.jamesotten.com/post/applications-manager-rce/