CVE-2017-11557

CWE-200Information Exposure3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.9%
top 25.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Applications Manager
Timeline
PublishedMay 23
Latest updateMay 24

Description

An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-mm67-7974-qm7r: An issue was discovered in ZOHO ManageEngine Applications Manager 122022-05-24
CVEList
CVE-2017-11557: An issue was discovered in ZOHO ManageEngine Applications Manager 122019-05-23
CVE-2017-11557 (MEDIUM CVSS 5.3) | An issue was discovered in ZOHO Man | cvebase.io