CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-10008

Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.095

EPSS Ranking 92.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://www.exploit-db.com/exploits/46659
https://www.manageengine.com/products/service-desk/readme.html
https://www.exploit-db.com/exploits/46659
https://www.manageengine.com/products/service-desk/readme.html

Products affected by CVE-2019-10008

Zohocorp » Servicedesk Plus » Version: 9.3

cpe:2.3:a:zohocorp:servicedesk_plus:9.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10008

Products

Pricing

Contact Us