Unrated severityNVD Advisory· Published Mar 23, 2020· Updated Aug 5, 2024
CVE-2019-19034
CVE-2019-19034
Description
Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Zoho/ManageEngine Asset Explorerdescription
- Range: 6.5
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/157731/ManageEngine-AssetExplorer-Authenticated-Command-Execution.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2020/May/36mitremailing-listx_refsource_FULLDISC
- www.manageengine.com/products/asset-explorer/sp-readme.htmlmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.