CVE-2019-7162

EUVD-2019-16712
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
zohocorpmanageengine_adselfservice_plus
5.6:5607
𝑥
= Vulnerable software versions
References
https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-7162
https://www.excellium-services.com/cert-xlm-advisory
https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/
https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/