exploitDog

GHSA-gp2f-p94x-gqv7

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.

Ссылки

EPSS

Процентиль: 91%

0.07166

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-639

Связанные уязвимости

CVE-2019-12252

CVSS3: 6.5

nvd

больше 6 лет назад

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.

EPSS

Процентиль: 91%

0.07166

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-639