PT-2019-14951 · Zoho · Zoho Manageengine Datasecurity Plus

Dominique Righetto

Published

2019-10-09

Updated

2019-11-20

CVE-2019-17112

CVSS v3.1

4.3

Medium

Vector

AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine DataSecurity Plus versions prior to 5.0.1 5012

Description An issue was discovered that allows a basic user with "Operator" access level to access the configuration file of the mail server, excluding the password, due to an exposed service.

Recommendations For versions prior to 5.0.1 5012, update to version 5.0.1 5012 or later to resolve the issue.

Fix

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-552

Related Identifiers

CVE-2019-17112

Affected Products

Zoho Manageengine Datasecurity Plus

PT-2019-14951 · Zoho · Zoho Manageengine Datasecurity Plus

CVE-2019-17112

Weakness Enumeration

Related Identifiers

Affected Products

References · 4