CVE-2020-13154

Published: May 18, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.

Affected (13)

Products: Zohocorp: Manageengine Servicedesk Plus

Zohocorp

1 product

Manageengine Servicedesk Plus

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Servicedesk Plus	Version 11.1
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11100
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11101
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11102
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11103
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11104
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11105
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11106
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11107
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11108
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11109
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11110
Zohocorp Manageengine Servicedesk Plus	Version 11.1 11111