CVE-2020-9346
Published Mar 16, 2020
Last updated 2 years ago
Overview
- Description
- Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2753BE85-2E54-437C-95D3-EE0339BFCD0F",
"versionEndExcluding": "10.4"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "310987F7-216C-47DC-9AEA-F383D31B2F8C"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10400:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBE9858E-817C-4E40-B880-4B466272FD87"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10401:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B94A45F-595F-4F2A-83C9-501DDFDF1DC3"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10402:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA1DD26C-22D3-45F4-B877-605B56379A0B"
}
],
"operator": "OR"
}
]
}
]