← Back

CVE-2019-8394

nvd nist
Published: Feb 17, 2019Modified: Nov 7, 2025CISA KEV

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.

Affected (14)

Zohocorp
1 product
Manageengine Servicedesk Plus
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Servicedesk Plus
Before 10.0.0
Manageengine Servicedesk Plus
Version 10.0.0
Manageengine Servicedesk Plus
Version 10.0.0 10000
Manageengine Servicedesk Plus
Version 10.0.0 10001
Manageengine Servicedesk Plus
Version 10.0.0 10002
Manageengine Servicedesk Plus
Version 10.0.0 10003
Manageengine Servicedesk Plus
Version 10.0.0 10004
Manageengine Servicedesk Plus
Version 10.0.0 10005
Manageengine Servicedesk Plus
Version 10.0.0 10006
Manageengine Servicedesk Plus
Version 10.0.0 10007
Manageengine Servicedesk Plus
Version 10.0.0 10008
Manageengine Servicedesk Plus
Version 10.0.0 10009
Manageengine Servicedesk Plus
Version 10.0.0 10010
Manageengine Servicedesk Plus
Version 10.0.0 10011

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (7)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.