CVE-2020-8422

Опубликовано: 31 янв. 2020

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).

Ссылки

https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-8422
https://excellium-services.com/cert-xlm-advisory/CVE-2020-8422
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/cve-2020-8422/
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/CVE-2020-8422
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/cve-2020-8422/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:*:*:*:*:*:*:*:*

Версия до 10.0.450 (исключая)

EPSS

Процентиль: 50%

0.00266

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-c54r-ffv6-72gm

CVSS3: 4.3

github

больше 3 лет назад

EPSS

Процентиль: 50%

0.00266

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo