CVE-2018-11717 — Log File Information Exposure in Manageengine Desktop Central

CWE-532 — Log File Information Exposure3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

9.2%

top 7.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Desktop Central

Timeline

PublishedJul 16

Latest updateMay 14

Description

An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the EAS account (an AD account used to send mail), the cleartext password of recovery_password of Android devices, the cleartext password of account "set", the location of devices enrolled in the platform…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_desktop_central< 100251

🔴Vulnerability Details

GHSA

GHSA-7hxq-5r5q-rh58: An issue was discovered in Zoho ManageEngine Desktop Central before 100251↗2022-05-14

▶

CVEList

CVE-2018-11717: An issue was discovered in Zoho ManageEngine Desktop Central before 100251↗2018-07-16

▶