CVE-2023-6105
published 2023-11-15

Priority P4 · 27 · medium · 5.5 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.69% (48.3th percentile)
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.

Affected

75 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| manageengine | access_manager_plus | < 14304 | 14304 |
| manageengine | asset_explorer | < 7004 | 7004 |
| manageengine | service_desk_plus | < 14304 | 14304 |
| zohocorp | manageengine_access_manager_plus | < 4.3 | 4.3 |
| zohocorp | manageengine_access_manager_plus | | |
| zohocorp | manageengine_adaudit_plus | < 7.2 | 7.2 |
| zohocorp | manageengine_adaudit_plus | | |
| zohocorp | manageengine_admanager_plus | < 7.2 | 7.2 |
| zohocorp | manageengine_admanager_plus | | |
| zohocorp | manageengine_adselfservice_plus | < 6.3 | 6.3 |
| zohocorp | manageengine_adselfservice_plus | | |
| zohocorp | manageengine_analytics_plus | < 5.3 | 5.3 |
| zohocorp | manageengine_appcreator | < 2.0.0 | 2.0.0 |
| zohocorp | manageengine_application_control_plus | < 11.2.2328.01 | 11.2.2328.01 |
| zohocorp | manageengine_assetexplorer | < 7.0 | 7.0 |
| zohocorp | manageengine_assetexplorer | | |
| zohocorp | manageengine_browser_security_plus | < 11.2.2328.01 | 11.2.2328.01 |
| zohocorp | manageengine_cloud_security_plus | < 4.1 | 4.1 |
| zohocorp | manageengine_cloud_security_plus | | |
| zohocorp | manageengine_datasecurity_plus | < 6.1 | 6.1 |
| zohocorp | manageengine_datasecurity_plus | | |
| zohocorp | manageengine_device_control_plus | < 11.2.2328.01 | 11.2.2328.01 |
| zohocorp | manageengine_endpoint_central | < 11.2.2322.01 | 11.2.2322.01 |
| zohocorp | manageengine_endpoint_central_msp | < 11.2.2322.01 | 11.2.2322.01 |
| zohocorp | manageengine_endpoint_dlp_plus | < 11.2.2328.01 | 11.2.2328.01 |