CVE-2020-14048

CWE-306 — Missing Authentication3 documents3 sources

Severity

7.5HIGH

EPSS

25.0%

top 3.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Servicedesk Plus

Timeline

PublishedJun 12

Latest updateMay 24

Description

Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDzohocorp/manageengine_servicedesk_plus10 versions+9

🔴Vulnerability Details

GHSA

GHSA-5966-43rw-rxw4: Zoho ManageEngine ServiceDesk Plus before 11↗2022-05-24

▶

CVEList

CVE-2020-14048: Zoho ManageEngine ServiceDesk Plus before 11↗2020-06-12

▶