Lucene search

K
cve[email protected]CVE-2020-13154
HistoryMay 18, 2020 - 10:15 p.m.

CVE-2020-13154

2020-05-1822:15:12
CWE-862
web.nvd.nist.gov
705
zoho
manageengine
service plus
cve-2020-13154
file protection
password disclosure
ajaxservlet

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

43.9%

Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.

Affected configurations

NVD
Node
zohocorpmanageengine_servicedesk_plusMatch11.1-
OR
zohocorpmanageengine_servicedesk_plusMatch11.111100
OR
zohocorpmanageengine_servicedesk_plusMatch11.111101
OR
zohocorpmanageengine_servicedesk_plusMatch11.111102
OR
zohocorpmanageengine_servicedesk_plusMatch11.111103
OR
zohocorpmanageengine_servicedesk_plusMatch11.111104
OR
zohocorpmanageengine_servicedesk_plusMatch11.111105
OR
zohocorpmanageengine_servicedesk_plusMatch11.111106
OR
zohocorpmanageengine_servicedesk_plusMatch11.111107
OR
zohocorpmanageengine_servicedesk_plusMatch11.111108
OR
zohocorpmanageengine_servicedesk_plusMatch11.111109
OR
zohocorpmanageengine_servicedesk_plusMatch11.111110
OR
zohocorpmanageengine_servicedesk_plusMatch11.111111

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

43.9%

Related for CVE-2020-13154