CVE-2014-7862

critical

Description

The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.

References

Advisories
More

https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html

https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt

https://exchange.xforce.ibmcloud.com/vulnerabilities/99595

http://www.securityfocus.com/bid/71849

http://seclists.org/fulldisclosure/2015/Jan/2

http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html

http://www.securityfocus.com/archive/1/534356/100/0/threaded

Details

Source: Mitre, NVD

Published: 2018-01-04

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.81864

Detections

Analytics