CVE-2022-25245

CWE-306Missing AuthenticationCWE-200Information Exposure3 documents3 sources
Severity
5.3MEDIUM
EPSS
2.9%
top 13.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Servicedesk Plus
Timeline
PublishedApr 5
Latest updateApr 6

Description

Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

Patches

Patch: www.manageengine.comPatch: www.manageengine.com

🔴Vulnerability Details

2
GHSA
GHSA-5xr9-mx6m-3c8g: Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name2022-04-06
CVEList
CVE-2022-25245: Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name2022-04-05
CVE-2022-25245 (MEDIUM CVSS 5.3) | Zoho ManageEngine ServiceDesk Plus | cvebase.io