Описание
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.
Ссылки
- Third Party Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.9 (включая)
Одно из
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.0:6000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.0:6001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.0:6002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1:6100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1:6150:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1:6151:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1:6160:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1:6161:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00497
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 6.5
github
почти 4 года назад
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.
EPSS
Процентиль: 65%
0.00497
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-noinfo