Lucene search

Manageengine Password Manager Pro Security Vulnerabilities - 2020

cve

CVE-2016-1159

In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.

6.5CVSS

6.4AI Score

0.002EPSS

2020-03-09 05:15 PM

cve

CVE-2020-9346

Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.

8.8CVSS

8.8AI Score

0.003EPSS

2020-03-16 10:15 PM

cve

CVE-2020-9347

Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external ap...

9.8CVSS

9.3AI Score

0.004EPSS

2020-03-16 10:15 PM