March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple Apple watchOS Vulnerabilities
January 2, 2024Rewterz Threat Alert – APT28 Targets Ukrainian and Polish Governments with Previously Undocumented Malware – Active IOCs
January 2, 2024Rewterz Threat Advisory – Multiple Apple watchOS Vulnerabilities
January 2, 2024Rewterz Threat Alert – APT28 Targets Ukrainian and Polish Governments with Previously Undocumented Malware – Active IOCs
January 2, 2024
Severity
Medium
Analysis Summary
CVE-2023-39912
Zoho ManageEngine ADManager Plus could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
Impact
- Information Theft
Indicators Of Compromise
CVE
- CVE-2023-39912
Affected Vendors
Zoho
Affected Products
- IBM InfoSphere Information Server 11.7
Remediation
Refer to ManageEngine Website for patch, upgrade or suggested workaround information.