CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-13154

Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.3%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

https://gitlab.com/eLeN3Re/CVE-2020-13154
https://www.manageengine.com/products/service-desk/on-premises/readme.html
https://gitlab.com/eLeN3Re/CVE-2020-13154
https://www.manageengine.com/products/service-desk/on-premises/readme.html

Products affected by CVE-2020-13154

Zohocorp » Manageengine Servicedesk Plus » Version: 11.1

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-13154

Products

Pricing

Contact Us