Vulnerability Details : CVE-2019-19774
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column.
Products affected by CVE-2019-19774
- cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-19774
3.88%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-19774
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
References for CVE-2019-19774
-
https://www.manageengine.com/products/eventlog/features-new.html#release
Eventlog Analyzer Latest FeaturesVendor Advisory
-
https://gist.github.com/scottgoodwin90/19ccecdc9f5733c0a9381765cfc7fe39
Authenticated Information Disclosure in ManageEngine EventLog Analyzer · GitHubThird Party Advisory
-
http://packetstormsecurity.com/files/156485/ManageEngine-EventLog-Analyzer-10.0-Information-Disclosure.html
ManageEngine EventLog Analyzer 10.0 Information Disclosure ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Jump to