ManageEngine products information disclosure | CVE-2023-6105

NAME
__________
ManageEngine products information disclosure

Platforms Affected:
Zoho ManageEngine Service Desk Plus 14303
Zoho ManageEngine Asset Explorer 7003
Zoho ManageEngine Service Desk Plus MSP 14304
Zoho ManageEngine Support Center Plus 14303
Zoho ManageEngine Access Manager Plus 4309
Zoho ManageEngine PAM 360 5699
Zoho ManageEngine Password Manager Pro 12299
Zoho ManageEngine OpManager 125631 Windows
Zoho ManageEngine OpManager 127242 Linux
Zoho ManageEngine Firewall Analyzer 125631 Windows
Zoho ManageEngine Firewall Analyzer 127242 Linux
Zoho ManageEngine NetFlow Analyzer 125631 Windows
Zoho ManageEngine NetFlow Analyzer 127242 Linux
Zoho ManageEngine Network Configuration Manager 125631 Windows
Zoho ManageEngine Network Configuration Manager 127242 Linux
Zoho ManageEngine OpUtils 125631 Windows
Zoho ManageEngine OpUtils 127242 Linux
Zoho ManageEngine Creator On-Premise 1.1.1
Zoho ManageEngine Creator On-Premise 1.1.2
Zoho ManageEngine Analytics Plus On-Premise 5260
Zoho ManageEngine ADSelfService Plus 6303
Zoho ManageEngine ADManager Plus 7209
Zoho ManageEngine ADAudit Plus 7250
Zoho ManageEngine Cloud Security Plus 4162
Zoho ManageEngine Data Security Plus 6125
Zoho ManageEngine Exchange Reporter Plus 5712
Zoho ManageEngine M365 Manager Plus 4538
Zoho ManageEngine M365 Security Plus 4538
Zoho ManageEngine SharePoint Manager Plus 4404
Zoho ManageEngine Recovery Manager Plus 6073
Zoho ManageEngine Log360 UEBA 4048
Zoho ManageEngine Log360 UEBA 4047
Zoho ManageEngine Endpoint Central 11.2.2300.22
Zoho ManageEngine Endpoint Central 11.2.2300.24
Zoho ManageEngine Endpoint Central 11.2.2300.26
Zoho ManageEngine Endpoint Central MSP 11.2.2300.22
Zoho ManageEngine Endpoint Central MSP 11.2.2300.24
Zoho ManageEngine Endpoint Central MSP 11.2.2300.26
Zoho ManageEngine Remote Monitoring and Management 10.2.9
Zoho ManageEngine Remote Monitoring and Management 10.2.8
Zoho ManageEngine Mobile Device Management 10.1.2203.1
Zoho ManageEngine Mobile Device Management 10.1.2201.3
Zoho ManageEngine Remote Access Plus 11.2.2325.16
Zoho ManageEngine Remote Access Plus 11.2.2315.16
Zoho ManageEngine OS Deployer 1.2.2327.1
Zoho ManageEngine OS Deployer 1.2.2325.1
Zoho ManageEngine OS Deployer 1.2.2320.1
Zoho ManageEngine Browser Security Plus 11.2.2315.16
Zoho ManageEngine Browser Security Plus 11.2.2307.1
Zoho ManageEngine Browser Security Plus 11.2.2300.3
Zoho ManageEngine Patch Manager Plus 11.2.2325.18
Zoho ManageEngine Patch Manager Plus 11.2.2325.13
Zoho ManageEngine Patch Manager Plus 11.2.2315.16
Zoho ManageEngine Vulnerability Manager Plus 11.2.2325.13
Zoho ManageEngine Vulnerability Manager Plus 11.2.2325.10
Zoho ManageEngine Application Control Plus 11.2.2325.10
Zoho ManageEngine Application Control Plus 11.2.2325.09
Zoho ManageEngine Patch Connect Plus 90123
Zoho ManageEngine Device Control Plus 11.2.2325.10
Zoho ManageEngine Device Control Plus 11.2.2325.9
Zoho ManageEngine Endpoint DLP Solution 11.2.2300.01
Zoho ManageEngine Endpoint DLP Solution 11.2.2300.03
Zoho ManageEngine Secure Gateway Server 90090

Risk Level:
5.5

Exploitability:
Unproven

Consequences:
Obtain Information

DESCRIPTION
__________

ManageEngine products could allow a local authenticated attacker to obtain sensitive information, caused by the insertion of an encryption key in the “CryptTag” configuration in the /conf/customer-config.xml file. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain an encryption key, and use this information to decrypt product database passwords.

CVSS 3.0 Information
__________

Privileges Required:
Low

User Interaction:
None

Scope:
Unchanged

Access Vector:
Local


