CVE-2018-11716Log File Information Exposure in Manageengine Desktop Central

CWE-532Log File Information Exposure3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
9.1%
top 7.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Desktop Central
Timeline
PublishedJul 16
Latest updateMay 14

Description

An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-8jmq-m9fv-qr74: An issue was discovered in Zoho ManageEngine Desktop Central before 1002302022-05-14
CVEList
CVE-2018-11716: An issue was discovered in Zoho ManageEngine Desktop Central before 1002302018-07-16
CVE-2018-11716 — Log File Information Exposure | cvebase