CVE-2016-4890

Опубликовано: 14 апр. 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.

Ссылки

http://jvn.jp/en/jp/JVN72559412/index.html
Third Party Advisory
VDB Entry
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000171.html
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/93216
Third Party Advisory
VDB Entry
https://www.manageengine.com/products/service-desk/readme-9.2.html
http://jvn.jp/en/jp/JVN72559412/index.html
Third Party Advisory
VDB Entry
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000171.html
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/93216
Third Party Advisory
VDB Entry
https://www.manageengine.com/products/service-desk/readme-9.2.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zohocorp:servicedesk_plus:*:*:*:*:*:*:*:*

Версия до 9.1 (включая)

EPSS

Процентиль: 86%

0.03

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-254

Связанные уязвимости

GHSA-h2jg-xqpm-gpc5