CVE-2019-10273

EUVD-2019-2276
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
zohocorpmanageengine_servicedesk_plus
9.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html
https://0x445.github.io/CVE-2019-10273/
https://www.exploit-db.com/exploits/46674/
http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html
https://0x445.github.io/CVE-2019-10273/
https://www.exploit-db.com/exploits/46674/