In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.
References
Link | Resource |
---|---|
https://www.manageengine.com/products/passwordmanagerpro/release-notes.html | Release Notes |
https://www.manageengine.com/products/passwordmanagerpro/issues-fixed.html | Vendor Advisory |
https://excellium-services.com/cert-xlm-advisory/cve-2016-1159/ | Third Party Advisory |
http://jvn.jp/vu/JVNVU90405898/index.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-03-09 10:15
Updated : 2020-03-10 10:06
NVD link : CVE-2016-1159
Mitre link : CVE-2016-1159
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
zohocorp
- manageengine_password_manager_pro