Main Vulnerability Database Vulnerabilities #VU79438

Cleartext storage of sensitive information in Zoho ManageEngine ServiceDesk Plus MSP - #VU79438

Published: August 11, 2023

Vulnerability identifier: #VU79438

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-312

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Zoho ManageEngine ServiceDesk Plus MSP

Software vendor:
Zoho Corporation

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to the API key is stored unencrypted in the server configuration table. An attacker with access to the server configuration table can obtain the key and use it to query the database.

Remediation

Install updates from vendor's website.

External links

https://www.manageengine.com/products/service-desk-msp/readme.html#14305

Cleartext storage of sensitive information in Zoho ManageEngine ServiceDesk Plus MSP - #VU79438

Description

Remediation

External links

Please verify you're human