Zohocorp: >> Manageengine Remote Access Plus >> 10.0.258 Security Vulnerabilities
Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-03-19
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).
CVSS Score
4.3
EPSS Score
0.003
Published
2020-01-31
Page 2