2 matches found
CVE-2021-20109
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the...
CVE-2021-20109
CVE-2021-20109 affects Zoho ManageEngine AssetExplorer: an Asset Explorer agent that does not validate HTTPS certificates allows a network attacker to spoof the server IP and issue NEWSCAN requests, potentially triggering the agent to reveal its HTTP requests and tokens. The root cause is a heap ...