Zoho ManageEngine Remote Access Plus 10.0.259 User Administration Screen userMgmt.do Description injection


A vulnerability was found in Zoho ManageEngine Remote Access Plus 10.0.259 (Remote Access Software). It has been declared as critical. This vulnerability affects an unknown function of the file userMgmt.do?actionToCall=ShowUser of the component User Administration Screen. No information about possible countermeasures is known. Replacing the affected object with an alternative product may be advisable.

| Field | 02/04/2021 10:12 AM | 02/23/2021 12:08 PM |
|---|---|---|
| vendor | Zoho ManageEngine | Zoho ManageEngine |
| name | Remote Access Plus | Remote Access Plus |
| version | 10.0.259 | 10.0.259 |
| component | User Administration Screen | User Administration Screen |
| file | userMgmt.do?actionToCall=ShowUser | userMgmt.do?actionToCall=ShowUser |
| argument | Description | Description |
| cwe | 74 (privilege escalation) | 74 (privilege escalation) |
| risk | 2 | 2 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| url | https://www.esecforte.com/responsible-vulnerability-disclosure-cve-2019-16268-html-injection-vulnerability-in-manageengine-remote-access-plus/ | https://www.esecforte.com/responsible-vulnerability-disclosure-cve-2019-16268-html-injection-vulnerability-in-manageengine-remote-access-plus/ |
| cve | CVE-2019-16268 | CVE-2019-16268 |
| date | 1612393200 (02/04/2021) | 1612393200 (02/04/2021) |
| type | Remote Access Software | Remote Access Software |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_vuldb_rc | X | X |
| cvss2_vuldb_basescore | 6.0 | 6.0 |
| cvss2_vuldb_tempscore | 6.0 | 6.0 |
| cvss3_vuldb_basescore | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.3 | 6.3 |
| cvss3_meta_basescore | 6.3 | 6.3 |
| cvss3_meta_tempscore | 6.3 | 6.3 |
| price_0day | $0-$5k | $0-$5k |

cve_assigned: 1568239200
cve_nvd_summary: Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.
confirm_url: https://www.manageengine.com/remote-desktop-management/knowledge-base/html-injection.html
