CVE-2020-11946 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2020-11946

Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.

Published: Apr 20, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-11946
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_opmanager	12.5-build125000	12.5-build125000.x
zohocorp / manageengine_opmanager	12.5-build125002	12.5-build125002.x
zohocorp / manageengine_opmanager	12.5-build125100	12.5-build125100.x
zohocorp / manageengine_opmanager	12.5-build125101	12.5-build125101.x
zohocorp / manageengine_opmanager	12.5-build125102	12.5-build125102.x
zohocorp / manageengine_opmanager	12.5-build125108	12.5-build125108.x
zohocorp / manageengine_opmanager	12.5-build125110	12.5-build125110.x
zohocorp / manageengine_opmanager	12.5-build125111	12.5-build125111.x
zohocorp / manageengine_opmanager	12.5-build125112	12.5-build125112.x
zohocorp / manageengine_opmanager	12.5-build125113	12.5-build125113.x
zohocorp / manageengine_opmanager	12.5-build125114	12.5-build125114.x
zohocorp / manageengine_opmanager	12.5-build125116	12.5-build125116.x
zohocorp / manageengine_opmanager	12.5-build125117	12.5-build125117.x
zohocorp / manageengine_opmanager	12.5-build125118	12.5-build125118.x