Lucene search

[email protected]CVE-2019-19800

HistoryFeb 06, 2020 - 5:15 p.m.

CVE-2019-19800

2020-02-0617:15:13

CWE-306

[email protected]

web.nvd.nist.gov

cve-2019-19800

zoho

manageengine

applications manager

vulnerability

os file disclosure

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.2%

JSON

Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.

Affected configurations

NVD

Node

zohocorpmanageengine_applications_managerMatch14.0-

zohocorpmanageengine_applications_managerMatch14.0build14000

zohocorpmanageengine_applications_managerMatch14.0build14010

zohocorpmanageengine_applications_managerMatch14.0build14020

zohocorpmanageengine_applications_managerMatch14.0build14030

zohocorpmanageengine_applications_managerMatch14.0build14040

zohocorpmanageengine_applications_managerMatch14.0build14050

zohocorpmanageengine_applications_managerMatch14.0build14060

zohocorpmanageengine_applications_managerMatch14.0build14070

zohocorpmanageengine_applications_managerMatch14.0build14071

zohocorpmanageengine_applications_managerMatch14.0build14072

zohocorpmanageengine_applications_managerMatch14.0build14073

zohocorpmanageengine_applications_managerMatch14.0build14080

zohocorpmanageengine_applications_managerMatch14.0build14090

zohocorpmanageengine_applications_managerMatch14.0build14100

zohocorpmanageengine_applications_managerMatch14.0build14110

zohocorpmanageengine_applications_managerMatch14.0build14120

zohocorpmanageengine_applications_managerMatch14.0build14130

zohocorpmanageengine_applications_managerMatch14.0build14140

zohocorpmanageengine_applications_managerMatch14.0build14150

zohocorpmanageengine_applications_managerMatch14.0build14160

zohocorpmanageengine_applications_managerMatch14.0build14170

zohocorpmanageengine_applications_managerMatch14.0build14180

zohocorpmanageengine_applications_managerMatch14.0build14190

zohocorpmanageengine_applications_managerMatch14.0build14200

zohocorpmanageengine_applications_managerMatch14.0build14210

zohocorpmanageengine_applications_managerMatch14.0build14220

zohocorpmanageengine_applications_managerMatch14.0build14230

zohocorpmanageengine_applications_managerMatch14.0build14240

zohocorpmanageengine_applications_managerMatch14.0build14250

zohocorpmanageengine_applications_managerMatch14.0build14260

zohocorpmanageengine_applications_managerMatch14.0build14261

zohocorpmanageengine_applications_managerMatch14.0build14262

zohocorpmanageengine_applications_managerMatch14.0build14270

zohocorpmanageengine_applications_managerMatch14.0build14280

zohocorpmanageengine_applications_managerMatch14.0build14290

zohocorpmanageengine_applications_managerMatch14.0build14300

zohocorpmanageengine_applications_managerMatch14.0build14310

zohocorpmanageengine_applications_managerMatch14.0build14330

zohocorpmanageengine_applications_managerMatch14.0build14331

zohocorpmanageengine_applications_managerMatch14.0build14332

zohocorpmanageengine_applications_managerMatch14.0build14340

zohocorpmanageengine_applications_managerMatch14.0build14350

zohocorpmanageengine_applications_managerMatch14.0build14360

zohocorpmanageengine_applications_managerMatch14.0build14361

zohocorpmanageengine_applications_managerMatch14.0build14370

zohocorpmanageengine_applications_managerMatch14.0build14380

zohocorpmanageengine_applications_managerMatch14.0build14390

zohocorpmanageengine_applications_managerMatch14.0build14400

zohocorpmanageengine_applications_managerMatch14.0build14401

zohocorpmanageengine_applications_managerMatch14.0build14410

zohocorpmanageengine_applications_managerMatch14.0build14420

zohocorpmanageengine_applications_managerMatch14.0build14430

zohocorpmanageengine_applications_managerMatch14.0build14440

zohocorpmanageengine_applications_managerMatch14.0build14450

zohocorpmanageengine_applications_managerMatch14.0build14460

zohocorpmanageengine_applications_managerMatch14.0build14470

zohocorpmanageengine_applications_managerMatch14.0build14480

zohocorpmanageengine_applications_managerMatch14.0build14490

zohocorpmanageengine_applications_managerMatch14.0build14500

zohocorpmanageengine_applications_managerMatch14.0build14510

CPENameOperatorVersion
zohocorp:manageengine_applications_managerzohocorp manageengine applications managereq14.0

CPE	Name	Operator	Version
zohocorp:manageengine_applications_manager	zohocorp manageengine applications manager	eq	14.0

References

gitlab.com/eLeN3Re/CVE-2019-19800/

www.manageengine.com

www.manageengine.com/products/applications_manager/release-notes.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.2%

JSON

Related for CVE-2019-19800

cvelist1 nvd1 prion1