Vulnerability Details CVE-2019-10273
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.154
EPSS Ranking 94.3%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
- http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html
- https://0x445.github.io/CVE-2019-10273/
- https://www.exploit-db.com/exploits/46674/
- http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html
- https://0x445.github.io/CVE-2019-10273/
- https://www.exploit-db.com/exploits/46674/
Products affected by CVE-2019-10273
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3