Zoho Corp ManageEngine Desktop Central 2020-03-27

CPE Details

Zoho Corp ManageEngine Desktop Central 2020-03-27
zohocorp
manageengine_desktop_central
2020-03-27
2020-04-07
16h15 +00:00
2020-04-07
16h15 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:zohocorp:manageengine_desktop_central:2020-03-27:*:*:*:*:*:*:*

Informations

Vendor

zohocorp

Product

manageengine_desktop_central

Version

2020-03-27

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2018-11716 2018-07-16 12h00 +00:00 An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444.
9.8
Critique
CVE-2018-11717 2018-07-16 12h00 +00:00 An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the EAS account (an AD account used to send mail), the cleartext password of recovery_password of Android devices, the cleartext password of account "set", the location of devices enrolled in the platform (with UUID and information related to the name of the person at the location), critical information about all enrolled devices such as Serial Number, UUID, Model, Name, and auth_session_token (usable to spoof a terminal identity on the platform), etc.
9.8
Critique