Описание
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.
Ссылки
- Third Party Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1.6:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1.6:build6100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1.6:build6150:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1.6:build6151:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1.6:build6160:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1.6:build6161:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.02009
Низкий
4.3 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 4.3
github
почти 4 года назад
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.
EPSS
Процентиль: 83%
0.02009
Низкий
4.3 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
NVD-CWE-noinfo