CVE-2019-11361
Zoho ManageEngine Remote Access Plus vulnerability analysis and mitigation

Overview

A privilege escalation vulnerability (CVE-2019-11361) was discovered in ManageEngine Remote Access Plus that allows unauthorized users (Guest users) to perform operations with administrative privileges. The vulnerability was reported by Pedro Afonso Guerreiro and was addressed with an update released on March 17, 2020 (ManageEngine KB).

Technical details

The vulnerability allows Guest users to elevate their privileges and perform Remote Access Plus operations with administrative access, effectively bypassing the intended access control mechanisms (ManageEngine KB).

Impact

When exploited, this vulnerability enables unauthorized users with Guest privileges to execute administrative-level operations within Remote Access Plus, potentially compromising the security and integrity of the system (ManageEngine KB).

Mitigation and workarounds

ManageEngine has resolved the issue and released fixes in build 100454. Users are advised to visit the Remote Access Plus service packs page, download the latest PPM, and apply the update to protect against this vulnerability (ManageEngine KB).

This report was generated using AI.

Related Zoho ManageEngine Remote Access Plus vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2022-47966 | CRITICAL | 9.8 | Zoho ManageEngine ServiceDesk Plus | cpe:2.3:a:zohocorp:application_control_plus | Yes | Yes | Jan 18, 2023 |
| CVE-2021-42955 | HIGH | 7.8 | Zoho ManageEngine Remote Access Plus | cpe:2.3:a:zohocorp:manageengine_remote_access_plus | No | Yes | Nov 17, 2021 |
| CVE-2023-6105 | MEDIUM | 5.5 | Zoho ManageEngine ServiceDesk Plus | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus | No | Yes | Nov 15, 2023 |
| CVE-2022-26777 | MEDIUM | 5.3 | Zoho ManageEngine Remote Access Plus | cpe:2.3:a:zohocorp:manageengine_remote_access_plus | No | Yes | Apr 16, 2022 |
| CVE-2022-26653 | MEDIUM | 5.3 | Zoho ManageEngine Remote Access Plus | cpe:2.3:a:zohocorp:manageengine_remote_access_plus | No | Yes | Apr 16, 2022 |
