CVE-2019-10273

Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
zohocorpmanageengine_servicedesk_plus
9.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html
https://0x445.github.io/CVE-2019-10273/
https://www.exploit-db.com/exploits/46674/
http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html
https://0x445.github.io/CVE-2019-10273/
https://www.exploit-db.com/exploits/46674/