Zohocorp : Security Vulnerabilities, CVEs, Published In 2019 (Information Leak)
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality
Max CVSS
5.3
EPSS Score
3.19%
Published
2019-08-21
Updated
2024-03-21
An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request.
Max CVSS
5.3
EPSS Score
0.19%
Published
2019-05-23
Updated
2019-05-24
2 vulnerabilities found