CVE-2015-2560

Опубликовано: 02 авг. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Средний

Описание

Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet.

Ссылки

http://packetstormsecurity.com/files/131062/Manage-Engine-Desktop-Central-9-Unauthorized-Administrative-Password-Reset.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/535004/100/1400/threaded
http://www.securityfocus.com/bid/73380
Third Party Advisory
VDB Entry
https://www.manageengine.com/products/desktop-central/unauthorized-admin-credential-modification.html
Vendor Advisory
http://packetstormsecurity.com/files/131062/Manage-Engine-Desktop-Central-9-Unauthorized-Administrative-Password-Reset.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/535004/100/1400/threaded
http://www.securityfocus.com/bid/73380
Third Party Advisory
VDB Entry
https://www.manageengine.com/products/desktop-central/unauthorized-admin-credential-modification.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zohocorp:manageengine_desktop_central:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.20364

Средний

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-x3r9-8qrf-5hff