Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.)
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-02-25T00:00:00
Updated: 2024-08-03T15:10:59.755Z
Reserved: 2023-02-25T00:00:00
Link: CVE-2022-48362
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-02-25T21:15:10.567
Modified: 2024-11-21T07:33:15.157
Link: CVE-2022-48362
Redhat
No data.