CVE-2020-13154

Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.

Link	Resource
https://www.manageengine.com/products/service-desk/on-premises/readme.html	Release Notes Vendor Advisory
https://gitlab.com/eLeN3Re/CVE-2020-13154	Exploit Third Party Advisory

Configuration 1

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*

---

Published : 2020-05-18 10:15

Updated : 2021-07-21 11:39

---

NVD link : CVE-2020-13154

Mitre link : CVE-2020-13154

No products.

CWE-862