CVE-2019-17112

Medium

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access…

mitre·CWE-552·Published 2019-10-09

CVSS

4.3

EPSS

0.02

KEV

Exploits

cve.orgen

225 chars

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password).

NVDen

225 chars

NVDes

264 chars

Se detectó un problema en Zoho ManageEngine DataSecurity Plus versiones anteriores a 5.0.1 5012. Un servicio expuesto permite que un usuario básico (nivel de acceso "Operator") acceda al archivo de configuración del servidor de correo (excepto para la contraseña).

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.0	8.0	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
3.0	Primary	cve.org	4.3	—	—	CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N