CVE-2021-33617

Sažetak

Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid.

Reference

https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11200
https://herolab.usd.de/security-advisories/usd-2021-0015/
https://www.manageengine.com

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

10-08-2021 - 00:50

Objavljeno

31-07-2021 - 17:15