PT-2019-15950 · Zoho · Zoho ManageEngine EventLog Analyzer

Published: 2019-12-13 · Updated: 2023-02-15 · CVE-2019-19774

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zoho ManageEngine EventLog Analyzer versions 10.0 SP1 before Build 12110

Description

An issue was discovered that allows bypassing security restrictions and recovering the MD5 hashes of the accounts used to authenticate the ManageEngine platform to managed machines on the network. Running a specific query at the "/event/runquery.do" endpoint bypasses the restrictions that prevent viewing credential data stored in the database. The query "select hostdetails from hostdetails" can be used to exploit this issue, giving access to sensitive information.

Recommendations

For Zoho ManageEngine EventLog Analyzer versions 10.0 SP1 before Build 12110, consider disabling access to the "/event/runquery.do" endpoint until a patch is available. Restrict the use of queries that can bypass security restrictions, such as those mentioning hostdetails, to minimize the risk of exploitation. Update to a version that includes the fix, specifically Build 12110 or later, to fully resolve the issue.
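
An added example (not from the advisory or the vendor) supporting the recommendation above: it triages web access logs for requests to "/event/runquery.do" and flags those whose query text mentions hostdetails, including repeatedly URL-encoded forms. The log lines and the `query` parameter name are constructed assumptions; the advisory does not say how the query text is passed.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines. The "query" parameter name is an
# assumption for illustration; the advisory does not name it.
SAMPLE_LOG = """\
10.0.0.5 - - [13/Dec/2019:10:01:02 +0000] "GET /event/index.do HTTP/1.1" 200 5120
10.0.0.7 - - [13/Dec/2019:10:02:10 +0000] "GET /event/runquery.do?query=select+count(*)+from+eventlog HTTP/1.1" 200 311
10.0.0.9 - - [13/Dec/2019:10:03:44 +0000] "GET /event/runquery.do?query=select%20hostdetails%20from%20HostDetails HTTP/1.1" 200 2048
10.0.0.9 - - [13/Dec/2019:10:03:50 +0000] "POST /event/runquery.do HTTP/1.1" 200 1890
10.0.0.9 - - [13/Dec/2019:10:04:02 +0000] "GET /event/runquery.do?query=select%2520hostdetails%2520from%2520hostdetails HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
ENDPOINT = "/event/runquery.do"


def fully_decode(value, max_rounds=3):
    """Undo repeated URL encoding so %2520-style encoding is still matched."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def triage(log_text):
    """Return (client, method, severity, reason) for each runquery.do request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, _ts, method, target, _status = m.groups()
        path, _, query = target.partition("?")
        if fully_decode(path).lower() != ENDPOINT:
            continue
        if "hostdetails" in fully_decode(query).lower():
            findings.append((client, method, "high", "query references hostdetails"))
        elif method.upper() != "GET":
            # The request body is not in the access log, so the query is unknown.
            findings.append((client, method, "review", "query text not logged"))
        else:
            findings.append((client, method, "info", "runquery.do used"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Requests that carry the query in a body show up only as "review", so body logging or a reverse-proxy rule on the endpoint is needed to see their content.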

Related Identifiers

CVE-2019-19774

Affected Products

Zoho ManageEngine EventLog Analyzer