cnvd - cnvd-2017-05233

cnvd-2017-05233

Vulnerability from cnvd

Title: ZOHO ManageEngine Applications Manager远程代码执行漏洞

Description:

ZOHO ManageEngine Applications Manager是美国卓豪（ZOHO）公司的一套应用性能监控软件。该软件可对不同的业务系统、应用和网络服务（如服务器、操作系统等）进行远程监控和管理。

ZOHO ManageEngine Applications Manager 12版本和13版本中存在远程代码执行漏洞。远程攻击者可利用该漏洞执行任意命令，获取底层操作系统的最高权限。

Severity: 高

Patch Name: ZOHO ManageEngine Applications Manager远程代码执行漏洞的补丁

Patch Description:

ZOHO ManageEngine Applications Manager 12版本和13版本中存在远程代码执行漏洞。远程攻击者可利用该漏洞执行任意命令，获取底层操作系统的最高权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://www.manageengine.com/products/applications_manager/release-notes.html

Reference: http://www.securityfocus.com/bid/97394

Impacted products

Name
['ZOHO ManageEngine Applications Manager 12', 'ZOHO ManageEngine Applications Manager 13']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97394"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9498"
    }
  },
  "description": "ZOHO ManageEngine Applications Manager\u662f\u7f8e\u56fd\u5353\u8c6a\uff08ZOHO\uff09\u516c\u53f8\u7684\u4e00\u5957\u5e94\u7528\u6027\u80fd\u76d1\u63a7\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u5bf9\u4e0d\u540c\u7684\u4e1a\u52a1\u7cfb\u7edf\u3001\u5e94\u7528\u548c\u7f51\u7edc\u670d\u52a1\uff08\u5982\u670d\u52a1\u5668\u3001\u64cd\u4f5c\u7cfb\u7edf\u7b49\uff09\u8fdb\u884c\u8fdc\u7a0b\u76d1\u63a7\u548c\u7ba1\u7406\u3002\r\n\r\nZOHO ManageEngine Applications Manager 12\u7248\u672c\u548c13\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\uff0c\u83b7\u53d6\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\u7684\u6700\u9ad8\u6743\u9650\u3002",
  "discovererName": "Lukasz Juszczyk",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.manageengine.com/products/applications_manager/release-notes.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05233",
  "openTime": "2017-04-24",
  "patchDescription": "ZOHO ManageEngine Applications Manager\u662f\u7f8e\u56fd\u5353\u8c6a\uff08ZOHO\uff09\u516c\u53f8\u7684\u4e00\u5957\u5e94\u7528\u6027\u80fd\u76d1\u63a7\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u5bf9\u4e0d\u540c\u7684\u4e1a\u52a1\u7cfb\u7edf\u3001\u5e94\u7528\u548c\u7f51\u7edc\u670d\u52a1\uff08\u5982\u670d\u52a1\u5668\u3001\u64cd\u4f5c\u7cfb\u7edf\u7b49\uff09\u8fdb\u884c\u8fdc\u7a0b\u76d1\u63a7\u548c\u7ba1\u7406\u3002\r\n\r\nZOHO ManageEngine Applications Manager 12\u7248\u672c\u548c13\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\uff0c\u83b7\u53d6\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\u7684\u6700\u9ad8\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ZOHO ManageEngine Applications Manager\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ZOHO ManageEngine Applications Manager 12",
      "ZOHO ManageEngine Applications Manager 13"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/97394",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-05",
  "title": "ZOHO ManageEngine Applications Manager\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2016-9498 (GCVE-0-2016-9498)

Vulnerability from cvelistv5

Published

2018-07-13 20:00

Modified

2024-08-06 02:50

Severity ?

CWE

CWE-502

Summary

ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager's RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system.

References

▼	URL	Tags
	http://seclists.org/fulldisclosure/2017/Apr/9	mailing-list, x_refsource_FULLDISC
	https://www.securityfocus.com/bid/97394/	vdb-entry, x_refsource_BID
	https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	ManageEngine	Applications Manager	Version: 12 Version: 13

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
          },
          {
            "name": "97394",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/97394/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Applications Manager",
          "vendor": "ManageEngine",
          "versions": [
            {
              "status": "affected",
              "version": "12"
            },
            {
              "status": "affected",
              "version": "13"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks to Lukasz Juszczyk for reporting this vulnerability."
        }
      ],
      "datePublic": "2017-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager\u0027s RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T20:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
        },
        {
          "name": "97394",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "https://www.securityfocus.com/bid/97394/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-9498",
          "STATE": "PUBLIC",
          "TITLE": "ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Applications Manager",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "12",
                            "version_value": "12"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "13",
                            "version_value": "13"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ManageEngine"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thanks to Lukasz Juszczyk for reporting this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager\u0027s RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
            },
            {
              "name": "97394",
              "refsource": "BID",
              "url": "https://www.securityfocus.com/bid/97394/"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-9498",
    "datePublished": "2018-07-13T20:00:00",
    "dateReserved": "2016-11-21T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted