CVE-2022-24447

Sažetak

An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.

Reference

https://cds.thalesgroup.com/en/tcs-cert/CVE-2022-24447
https://excellium-services.com/cert-xlm-advisory/cve-2022-24447/
https://www.manageengine.com/key-manager/release-notes.html#6200
https://excellium-services.com/cert-xlm-advisory/cve-2022-24447/
https://www.manageengine.com/key-manager/release-notes.html#6200

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

30-05-2025 - 16:15

Objavljeno

02-03-2022 - 15:15