CVE-2020-13154 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2020-13154

Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.

Published: May 19, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-13154
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_servicedesk_plus	11.1	11.1.x
zohocorp / manageengine_servicedesk_plus	11.1-11111	11.1-11111.x
zohocorp / manageengine_servicedesk_plus	11.1-11110	11.1-11110.x
zohocorp / manageengine_servicedesk_plus	11.1-11109	11.1-11109.x
zohocorp / manageengine_servicedesk_plus	11.1-11108	11.1-11108.x
zohocorp / manageengine_servicedesk_plus	11.1-11107	11.1-11107.x
zohocorp / manageengine_servicedesk_plus	11.1-11106	11.1-11106.x
zohocorp / manageengine_servicedesk_plus	11.1-11105	11.1-11105.x
zohocorp / manageengine_servicedesk_plus	11.1-11104	11.1-11104.x
zohocorp / manageengine_servicedesk_plus	11.1-11103	11.1-11103.x
zohocorp / manageengine_servicedesk_plus	11.1-11102	11.1-11102.x
zohocorp / manageengine_servicedesk_plus	11.1-11101	11.1-11101.x
zohocorp / manageengine_servicedesk_plus	11.1-11100	11.1-11100.x