PT-2019-13952 · Zoho · Zoho Manageengine Servicedesk Plus
Published
2019-08-21
·
Updated
2024-08-05
·
CVE-2019-15045
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine ServiceDesk Plus version 10
Description
The issue allows user enumeration through the AjaxDomainServlet. The vendor considers this as intended functionality.
Recommendations
For Zoho ManageEngine ServiceDesk Plus version 10, consider restricting access to the AjaxDomainServlet to minimize the risk of user enumeration.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zoho Manageengine Servicedesk Plus