Vulnerability Details CVE-2019-7161
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 84.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-7161
- https://www.excellium-services.com/cert-xlm-advisory
- https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/
- https://www.manageengine.com/products/self-service-password/release-notes.html
- https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/
- https://www.manageengine.com/products/self-service-password/release-notes.html
Products affected by CVE-2019-7161
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6
-
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7