Vulnerability Details CVE-2015-2560
Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.204
EPSS Ranking 95.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/131062/Manage-Engine-Desktop-Central-9-Unauthorized-Administrative-Password-Reset.html
- http://www.securityfocus.com/archive/1/535004/100/1400/threaded
- http://www.securityfocus.com/bid/73380
- https://www.manageengine.com/products/desktop-central/unauthorized-admin-credential-modification.html
- http://packetstormsecurity.com/files/131062/Manage-Engine-Desktop-Central-9-Unauthorized-Administrative-Password-Reset.html
- http://www.securityfocus.com/archive/1/535004/100/1400/threaded
- http://www.securityfocus.com/bid/73380
- https://www.manageengine.com/products/desktop-central/unauthorized-admin-credential-modification.html
Products affected by CVE-2015-2560
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:9.0