← Back

CVE-2020-9346

nvd nist
Published: Mar 16, 2020Modified: Jun 17, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.

Affected (5)

Zohocorp
1 product
Manageengine Password Manager Pro
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Password Manager Pro
Before 10.4
Manageengine Password Manager Pro
Version 10.4
Manageengine Password Manager Pro
Version 10.4 build10400
Manageengine Password Manager Pro
Version 10.4 build10401
Manageengine Password Manager Pro
Version 10.4 build10402

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory

Timeline

No history available yet.