An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).
References
Link | Resource |
---|---|
https://excellium-services.com/cert-xlm-advisory/CVE-2020-8422 | Third Party Advisory |
https://excellium-services.com/cert-xlm-advisory/cve-2020-8422/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-31T15:25:11
Updated: 2020-01-31T15:27:25
Reserved: 2020-01-28T00:00:00
Link: CVE-2020-8422
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-31T16:15:10.690
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-8422
JSON object: View
Redhat Information
No data.
CWE