Lucene search

JpcertCVE-2016-1159

HistoryMar 09, 2020 - 5:15 p.m.

CVE-2016-1159

2020-03-0917:15:11

CWE-200

jpcert

web.nvd.nist.gov

zoho

pmp

8.3.0

8.4.0

vulnerability

sensitive information disclosure

cve-2016-1159

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.002

Percentile

55.3%

JSON

In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.

Affected configurations

Nvd

Vulners

Node

zohocorpmanageengine_password_manager_proMatch8.3build8303

zohocorpmanageengine_password_manager_proMatch8.4build8400

zohocorpmanageengine_password_manager_proMatch8.4build8401

zohocorpmanageengine_password_manager_proMatch8.4build8402

VendorProductVersionCPE
zohocorpmanageengine_password_manager_pro8.3cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.3:build8303:*:*:*:*:*:*
zohocorpmanageengine_password_manager_pro8.4cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.4:build8400:*:*:*:*:*:*
zohocorpmanageengine_password_manager_pro8.4cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.4:build8401:*:*:*:*:*:*
zohocorpmanageengine_password_manager_pro8.4cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.4:build8402:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_password_manager_pro	8.3	cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.3:build8303::::::
zohocorp	manageengine_password_manager_pro	8.4	cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.4:build8400::::::
zohocorp	manageengine_password_manager_pro	8.4	cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.4:build8401::::::
zohocorp	manageengine_password_manager_pro	8.4	cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.4:build8402::::::

CNA Affected

[
  {
    "product": "Password Manager Pro (PMP)",
    "vendor": "ZOHO",
    "versions": [
      {
        "status": "affected",
        "version": "8.3.0 (Build 8303"
      },
      {
        "status": "affected",
        "version": "8.4.0 (Build 8400"
      },
      {
        "status": "affected",
        "version": "8401"
      },
      {
        "status": "affected",
        "version": "8402)."
      }
    ]
  }
]

References

jvn.jp/vu/JVNVU90405898/index.html

excellium-services.com/cert-xlm-advisory/cve-2016-1159/

www.manageengine.com/products/passwordmanagerpro/issues-fixed.html

www.manageengine.com/products/passwordmanagerpro/release-notes.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.002

Percentile

55.3%

JSON

Related for CVE-2016-1159