An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-09-12T16:00:00

Updated: 2024-08-05T09:00:35.177Z

Reserved: 2018-07-06T00:00:00

Link: CVE-2018-13412

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-09-12T16:29:01.787

Modified: 2021-04-21T17:15:08.687

Link: CVE-2018-13412

cve-icon Redhat

No data.