Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
References
Link | Resource |
---|---|
https://www.manageengine.com/products/desktop-central/cve-2022-23779.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-02T14:31:30
Updated: 2022-03-02T14:31:30
Reserved: 2022-01-20T00:00:00
Link: CVE-2022-23779
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-02T15:15:08.037
Modified: 2022-03-09T19:01:39.950
Link: CVE-2022-23779
JSON object: View
Redhat Information
No data.
CWE