CVE-2022-23863: Improper Privilege Management in ManageEngine Desktop Central

Severity
6.5 MEDIUM (NVD)
EPSS
3.0%
top 13.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 28
Latest update: Jan 29

Description

Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 1 package

Patches

Vulnerability Details (2)
GHSA
GHSA-hh9q-3234-5wjp: Zoho ManageEngine Desktop Central before 10 (2022-01-29)
CVEList
CVE-2022-23863: Zoho ManageEngine Desktop Central before 10 (2022-01-28)
CVE-2022-23863 — Improper Privilege Management | cvebase