Vulnerability Details CVE-2019-15045
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.6%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html
- http://seclists.org/fulldisclosure/2019/Aug/17
- https://www.manageengine.com/products/service-desk/readme.html
- http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html
- http://seclists.org/fulldisclosure/2019/Aug/17
- https://www.manageengine.com/products/service-desk/readme.html
Products affected by CVE-2019-15045
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:12.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9403