CVE-2020-13154

Published May 18, 2020

Last updated 3 months ago

CVSS medium 6.5

Overview

Description: Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-862

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "298623A4-60DF-41F6-B2FD-ED84E6D2C06C"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "523C554B-076C-4F59-A04B-92D57CDAF7E8"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A85A576-6144-41DB-9ACF-1DD93D5A8852"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02EC45C8-CD28-4B2A-A1FA-1EA9F8B392F7"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A4A02F3-4427-4E4C-9245-EF5D73A7AC71"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "063D71A3-F1DF-486A-92E1-338C6D5C9E8E"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14A2C9CC-D434-41A7-A01A-03933675556A"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B283BD0B-22E3-4AD3-AE4B-07431DA00E5C"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42FDD0DE-EEE7-4D82-B9CA-EFA052728C7D"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DED26B68-E61F-4575-85AD-48EC2E128712"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F69FF4ED-AFCE-49A2-AD4C-E6A870FFA32D"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AFCBA54-26E4-4C56-82BB-135FCA210419"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B594A55-DBF5-4C3F-855F-843A7F26DFEF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References