Nov. 15, 2023, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Applications Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-38333.

applications applications manager arbitrary code attackers code code execution cross-site cvss exploit file malicious manageengine manager page rating remote code remote code execution scripting singlesignon target vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

Information Security Engineers

@ D. E. Shaw Research | New York City

Staff Security Engineering(Cloud Security)

@ Coupang | Seoul, South Korea

Consultant en Gestion de Crise Cyber et Continuité d'Activité H/F

@ Hifield | Sèvres, France

Forensic Service Director

@ PwC | Calgary - 111-5th Avenue Southwest

Information Security Analyst

@ Guidewire Software | India - Bengaluru

Cyber Security Engineer III-IV (Splunk Content Developer/ES Search head Admin)

@ Navy Federal Credit Union | Vienna, VA, United States