CVE-2022-24446
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
32.5%
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | manageengine_key_manager_plus | 6.1.6 | cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1.6:*:*:*:*:*:*:* |
| zohocorp | manageengine_key_manager_plus | 6.1.6 | cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1.6:build6100:*:*:*:*:*:* |
| zohocorp | manageengine_key_manager_plus | 6.1.6 | cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1.6:build6150:*:*:*:*:*:* |
| zohocorp | manageengine_key_manager_plus | 6.1.6 | cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1.6:build6151:*:*:*:*:*:* |
| zohocorp | manageengine_key_manager_plus | 6.1.6 | cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1.6:build6160:*:*:*:*:*:* |
| zohocorp | manageengine_key_manager_plus | 6.1.6 | cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1.6:build6161:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
32.5%