6.5 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.239 Low
EPSS
Percentile
96.5%
ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request.
CPE | Name | Operator | Version |
---|---|---|---|
manageengine:device_expert | manageengine device expert | le | 5.9 |
packetstormsecurity.com/files/128019/ManageEngine-DeviceExpert-5.9-Credential-Disclosure.html
seclists.org/fulldisclosure/2014/Aug/75
seclists.org/fulldisclosure/2014/Aug/76
seclists.org/fulldisclosure/2014/Aug/84
www.exploit-db.com/exploits/34449
www.manageengine.com/products/device-expert/release-notes.html
www.securityfocus.com/archive/1/533250/100/0/threaded
www.securityfocus.com/bid/69443
exchange.xforce.ibmcloud.com/vulnerabilities/95562
raw.githubusercontent.com/pedrib/PoC/master/me_deviceexpert-5.txt