CSRF in Zohocorp Manageengine_desktop_central

CVE-2014-9331

Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.020 (84.2th percentile) — read the EPSS interpretation.

Affected products

Zohocorp Manageengine_desktop_central
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
72464 (vdb-entry, x_refsource_BID)
35980 (Exploit, exploit, x_refsource_EXPLOIT-DB)
20150202 [CVE-2014-9331] ManageEngine Desktop Central CSRF vulnerability to add an Admin user advisory (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (Exploit, x_refsource_MISC)