Vulnerability Details CVE-2019-15046
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.054
EPSS Ranking 89.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html
- http://seclists.org/fulldisclosure/2019/Aug/17
- https://seclists.org/bugtraq/2019/Aug/37
- https://www.manageengine.com/products/service-desk/readme.html#10509
- http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html
- http://seclists.org/fulldisclosure/2019/Aug/17
- https://seclists.org/bugtraq/2019/Aug/37
- https://www.manageengine.com/products/service-desk/readme.html#10509
Products affected by CVE-2019-15046
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:12.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9403