CVE-2016-1159

Опубликовано: 09 мар. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.

Ссылки

http://jvn.jp/vu/JVNVU90405898/index.html
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/cve-2016-1159/
Third Party Advisory
https://www.manageengine.com/products/passwordmanagerpro/issues-fixed.html
Vendor Advisory
https://www.manageengine.com/products/passwordmanagerpro/release-notes.html
Release Notes
http://jvn.jp/vu/JVNVU90405898/index.html
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/cve-2016-1159/
Third Party Advisory
https://www.manageengine.com/products/passwordmanagerpro/issues-fixed.html
Vendor Advisory
https://www.manageengine.com/products/passwordmanagerpro/release-notes.html
Release Notes

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.3:build8303:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.4:build8400:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.4:build8401:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.4:build8402:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00476

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-f46c-2gwh-ff9p

github

больше 3 лет назад