CVE-2019-8394 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
mitre	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
zohocorp	manageengine_servicedesk_plus	𝑥 < 10.0.0
zohocorp	manageengine_servicedesk_plus	10.0.0
zohocorp	manageengine_servicedesk_plus	10.0.0:10000
zohocorp	manageengine_servicedesk_plus	10.0.0:10001
zohocorp	manageengine_servicedesk_plus	10.0.0:10002
zohocorp	manageengine_servicedesk_plus	10.0.0:10003
zohocorp	manageengine_servicedesk_plus	10.0.0:10004
zohocorp	manageengine_servicedesk_plus	10.0.0:10005
zohocorp	manageengine_servicedesk_plus	10.0.0:10006
zohocorp	manageengine_servicedesk_plus	10.0.0:10007
zohocorp	manageengine_servicedesk_plus	10.0.0:10008
zohocorp	manageengine_servicedesk_plus	10.0.0:10009
zohocorp	manageengine_servicedesk_plus	10.0.0:10010
zohocorp	manageengine_servicedesk_plus	10.0.0:10011

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-434 - Unrestricted Upload of File with Dangerous Type
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

References

http://www.securityfocus.com/bid/107129

https://www.exploit-db.com/exploits/46413/

https://www.manageengine.com/products/service-desk/readme.html

http://www.securityfocus.com/bid/107129

https://www.exploit-db.com/exploits/46413/

https://www.manageengine.com/products/service-desk/readme.html

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8394