Vulnerability Details CVE-2019-8394
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.879
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
Proposed Action
Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.
Ransomware Campaign
Unknown
References
Products affected by CVE-2019-8394
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:-
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.1
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4