Lucene search
K

Zoho ManageEngine - Internal Hostname Disclosure

🗓️ 01 Jul 2026 03:36:47Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 50 Views

Zoho ManageEngine - Internal Hostname Disclosure in Desktop Centra

Related
Refs
Code
id: CVE-2022-23779

info:
  name: Zoho ManageEngine - Internal Hostname Disclosure
  author: cckuailong
  severity: medium
  description: Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
  impact: |
    An attacker could use the disclosed internal hostnames to plan targeted attacks, gain unauthorized access, or perform reconnaissance on the internal network.
  remediation: |
    Apply the latest security patch or update provided by Zoho ManageEngine to fix the internal hostname disclosure vulnerability.
  reference:
    - https://www.manageengine.com/products/desktop-central/cve-2022-23779.html
    - https://github.com/fbusr/CVE-2022-23779
    - https://nvd.nist.gov/vuln/detail/CVE-2022-23779
    - https://github.com/soosmile/POC
    - https://github.com/zecool/cve
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-23779
    cwe-id: CWE-200
    epss-score: 0.1514
    epss-percentile: 0.96327
    cpe: cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: zohocorp
    product: manageengine_desktop_central
    shodan-query: http.title:"manageengine desktop central 10"
    fofa-query:
      - app="ZOHO-ManageEngine-Desktop"
      - title="manageengine desktop central 10"
      - app="zoho-manageengine-desktop"
    google-query: intitle:"manageengine desktop central 10"
  tags: cve,cve2022,zoho,exposure,zohocorp,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/themes"

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - '/themes/'
          - 'text/html'
        condition: and

      - type: word
        part: location
        negative: true
        words:
          - '{{Host}}'

      - type: word
        words:
          - '<center><h1>301 Moved Permanently</h1></center>'

      - type: regex
        part: location
        regex:
          - 'https?:\/\/(.*):'

      - type: status
        status:
          - 301

    extractors:
      - type: regex
        group: 1
        regex:
          - 'https?:\/\/(.*):'
        part: location
# digest: 4a0a00473045022100c980049e5f7b1a88ee7ca50505b43c4d869d76e700928ef3e65d7292b0cd2f15022025c385332d6efe10d09aed14905635362a57f47867ad3409f4d7da5624183d8f:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6Medium risk
Vulners AI Score6
CVSS 25
CVSS 3.15.3
EPSS0.1514
50