PT-2022-16703 · Zoho · Zoho Manageengine Admanager Plus

Dominique Righetto · Published 2022-03-01 · Updated 2023-08-08 · CVE-2022-24446

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Zoho ManageEngine Key Manager Plus version 6.1.6

Description

An issue was discovered where an Operator-level user can see all SSH servers and user information, even if no SSH server or user is associated with that operator.

Recommendations

For Zoho ManageEngine Key Manager Plus version 6.1.6, consider restricting access to sensitive information for Operator-level users until a patch is available. As a temporary workaround, consider limiting the visibility of SSH servers and user information to only those associated with each Operator. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2022-24446

Affected Products

Zoho Manageengine Admanager Plus