Zohocorp: >> Manageengine Password Manager Pro >> 9.5 Security Vulnerabilities
Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid.
CVSS Score
5.3
EPSS Score
0.005
Published
2021-07-31
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.
CVSS Score
5.9
EPSS Score
0.005
Published
2021-06-16
Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-03-16
Page 2