CVE Vulnerability

CVE-2019-17112

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password).

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

4.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://excellium-services.com/cert-xlm-advisory/cve-2019-17112/ Third Party Advisory
https://www.manageengine.com/data-security/release-notes.html Release Notes Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.0:4000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.0:4002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.0:4010:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.0:4015:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.0:4016:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.1:4100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.1:4101:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.1:4110:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.1:4111:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.1:4120:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.2:4200:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.2:4201:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.2:4210:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.2:4211:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.3:4300:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.3:4301:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.3:4302:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:5.0:5000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:5.0:5001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:5.0:5002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:5.0:5003:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:5.0:5004:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:5.0:5010:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:5.0:5011:*:*:*:*:*:*
Information

Published : 2019-10-09 08:15

Updated : 2019-11-20 09:05

NVD link : CVE-2019-17112

Mitre link : CVE-2019-17112

Products Affected

Manageengine Datasecurity Plus

Zohocorp

CWE
CWE-552