Lucene search

[email protected]CVE-2019-15045

HistoryAug 21, 2019 - 7:15 p.m.

CVE-2019-15045

2019-08-2119:15:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2019-15045

zoho manageengine

servicedesk plus 10

user enumeration

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.032 Low

EPSS

Percentile

91.2%

JSON

AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor’s position is that this is intended functionality

CPENameOperatorVersion
zohocorp:manageengine_servicedesk_pluszohocorp manageengine servicedesk pluslt10509

CPE	Name	Operator	Version
zohocorp:manageengine_servicedesk_plus	zohocorp manageengine servicedesk plus	lt	10509

References

packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html

seclists.org/fulldisclosure/2019/Aug/17

www.manageengine.com/products/service-desk/readme.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.032 Low

EPSS

Percentile

91.2%

JSON

Related for CVE-2019-15045

cvelist1 prion1 zdt1 packetstorm1