CVE-2020-13154
Published May 18, 2020
Last updated 3 years ago
Overview
- Description
- Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-862
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "298623A4-60DF-41F6-B2FD-ED84E6D2C06C"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "523C554B-076C-4F59-A04B-92D57CDAF7E8"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A85A576-6144-41DB-9ACF-1DD93D5A8852"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02EC45C8-CD28-4B2A-A1FA-1EA9F8B392F7"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A4A02F3-4427-4E4C-9245-EF5D73A7AC71"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "063D71A3-F1DF-486A-92E1-338C6D5C9E8E"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14A2C9CC-D434-41A7-A01A-03933675556A"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B283BD0B-22E3-4AD3-AE4B-07431DA00E5C"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42FDD0DE-EEE7-4D82-B9CA-EFA052728C7D"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DED26B68-E61F-4575-85AD-48EC2E128712"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F69FF4ED-AFCE-49A2-AD4C-E6A870FFA32D"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7AFCBA54-26E4-4C56-82BB-135FCA210419"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B594A55-DBF5-4C3F-855F-843A7F26DFEF"
}
],
"operator": "OR"
}
]
}
]