CVE-2018-16364

HIGH

Zohocorp Manageengine Applications Manager - Insecure Deserialization

Title source: rule

Description

A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.

References (1)

[Exploit, Mitigation, Third Party Advisory] https://blog.jamesotten.com/post/applications-manager-rce/

Scores

CVSS v3 8.1

EPSS 0.0236

EPSS Percentile 84.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (10)

zohocorp/manageengine_applications_manager

zohocorp/manageengine_applications_manager

zohocorp/manageengine_applications_manager

zohocorp/manageengine_applications_manager

zohocorp/manageengine_applications_manager

zohocorp/manageengine_applications_manager

zohocorp/manageengine_applications_manager

zohocorp/manageengine_applications_manager

zohocorp/manageengine_applications_manager

zohocorp/manageengine_applications_manager

Timeline

Published Sep 26, 2018

Tracked Since Feb 18, 2026