ZOHO ManageEngine Remote Access Plus Information Disclosure Vulnerability

ZOHO ManageEngine Remote Access Plus is a remote access solution from ZOHO, Inc. An information disclosure vulnerability exists in ZOHO ManageEngine Remote Access Plus Server prior to version 10.1.2132.6, which stems from a privilege management Improperly managed, the process will start as a logged-in user, so a non-administrator can perform a memory dump. An attacker could use this vulnerability to remotely dump all sensitive information, including database connection strings, entire IT infrastructure details, commands executed by IT administrators, including credentials, secrets, private keys, etc.