{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-22T02:19:02.939","vulnerabilities":[{"cve":{"id":"CVE-2017-16608","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2018-01-23T01:29:01.257","lastModified":"2026-06-17T01:09:33.593","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4749."},{"lang":"es","value":"Netgain Enterprise Manager\tCVE-2017-16608\tEsta vulnerabilidad permite que atacantes remotos ejecuten código arbitrario en instalaciones vulnerables de Netgain Enterprise Manager. No se requiere autenticación para explotar esta vulnerabilidad. Este error en concreto existe en exec.jsp. El problema deriva de la falta de validación correcta de una cadena proporcionada por el usuario antes de emplearla para ejecutar una llamada del sistema. Un atacante podría aprovecharse de esta vulnerabilidad para ejecutar código en el contexto del actual usuario. Anteriormente era ZDI-CAN-4749."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"NetGain Systems","product":"NetGain Systems Enterprise Manager","versions":[{"version":"v7.2.586 build 877","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-134"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netgain-systems:enterprise_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"7.2.766","matchCriteriaId":"DCAF3357-3AD7-4E1B-BFF9-E008D6C1D826"}]}]}],"references":[{"url":"https://www.tenable.com/security/research/tra-2018-02","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]},{"url":"https://zerodayinitiative.com/advisories/ZDI-17-950","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.tenable.com/security/research/tra-2018-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://zerodayinitiative.com/advisories/ZDI-17-950","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}