CVE-2020-13154

Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 6.5 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitre | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score: Percentile: 65%
Vendor | Product | Version
zohocorp | manageengine_servicedesk_plus | 11.1
zohocorp | manageengine_servicedesk_plus | 11.1:11100
zohocorp | manageengine_servicedesk_plus | 11.1:11101
zohocorp | manageengine_servicedesk_plus | 11.1:11102
zohocorp | manageengine_servicedesk_plus | 11.1:11103
zohocorp | manageengine_servicedesk_plus | 11.1:11104
zohocorp | manageengine_servicedesk_plus | 11.1:11105
zohocorp | manageengine_servicedesk_plus | 11.1:11106
zohocorp | manageengine_servicedesk_plus | 11.1:11107
zohocorp | manageengine_servicedesk_plus | 11.1:11108
zohocorp | manageengine_servicedesk_plus | 11.1:11109
zohocorp | manageengine_servicedesk_plus | 11.1:11110
zohocorp | manageengine_servicedesk_plus | 11.1:11111
𝑥 = Vulnerable software versions