CVE-2020-11946

Опубликовано: 20 апр. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.

Ссылки

https://cwe.mitre.org/data/definitions/306.html
Third Party Advisory
https://www.manageengine.com/network-monitoring/help/read-me-complete.html
Release Notes
Vendor Advisory
https://cwe.mitre.org/data/definitions/306.html
Third Party Advisory
https://www.manageengine.com/network-monitoring/help/read-me-complete.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.67005

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-67r2-78g2-6xw9