CVE-2022-26777Forced Browsing in Manageengine Remote Access Plus

CWE-425Forced BrowsingCWE-668Resource ExposureCWE-369Divide By Zero4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
2.1%
top 16.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Remote Access Plus
Timeline
PublishedApr 16
Latest updateApr 3

Description

Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-gjq6-54j6-8rpm: Zoho ManageEngine Remote Access Plus before 102022-04-17
CVEList
CVE-2022-26777: Zoho ManageEngine Remote Access Plus before 102022-04-16

📋Vendor Advisories

1
Red Hat
kernel: fbdev: sis: Error out if pixclock equals zero2024-04-03
CVE-2022-26777 — Forced Browsing | cvebase