Lucene search

MitreCVE-2020-8509

HistoryMar 30, 2020 - 6:15 p.m.

CVE-2020-8509

2020-03-3018:15:12

CWE-306

mitre

web.nvd.nist.gov

cve-2020-8509

zoho

manageengine

desktop central

pdfgenerationservlet

sensitive information disclosure

unauthenticated access

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.006

Percentile

79.2%

JSON

Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure.

Affected configurations

Nvd

Node

zohocorpmanageengine_desktop_centralRange<10.0.483

VendorProductVersionCPE
zohocorpmanageengine_desktop_central*cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_desktop_central	*	cpe:2.3:a:zohocorp:manageengine_desktop_central::::::::

References

www.manageengine.com/products/desktop-central/unauthenticated-servlet-access.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.006

Percentile

79.2%

JSON

Related for CVE-2020-8509