4 matches found
CVE-2019-19774
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data...
ManageEngine EventLog Analyzer 10.0 Information Disclosure
Exploit Title: ManageEngine EventLog Analyzer 10.0 - Information Disclosure Date: 2020-02-23 Author:Scott Goodwin Vendor: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/eventlog/ CVE: CVE-2019-19774 Vulnerability Name: Authenticated Information Disclosure in...
ManageEngine EventLog Analyzer 10.0 - Information Disclosure Vulnerability
Exploit for java platform in category web applications Exploit Title: ManageEngine EventLog Analyzer 10.0 - Information Disclosure Author: Scott Goodwin Vendor: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/eventlog/ CVE: CVE-2019-19774 Vulnerability Name:...
CVE-2019-19774
CVE-2019-19774 affects Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. An authenticated user can bypass access controls via the /event/runquery.do endpoint by executing the query select hostdetails from hostdetails, bypassing restrictions that prevent viewing credential data and ...