Main Vulnerability Database Vulnerabilities #VU35879

Information disclosure in ManageEngine Applications Manager - CVE-2017-11557

Published: May 23, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35879

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-11557

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Zoho Corporation

Affected software:
ManageEngine Applications Manager

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request.

How to mitigate CVE-2017-11557

Install update from vendor's website.

Information disclosure in ManageEngine Applications Manager - CVE-2017-11557

Detailed vulnerability description

How to mitigate CVE-2017-11557

Sources

Please verify you're human