An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
zohocorp manageengine mobile device manager plus 10.1.2207.4 |
||
zohocorp manageengine appcreator |
||
zohocorp manageengine analytics plus |
||
zohocorp manageengine endpoint central msp |
||
zohocorp manageengine endpoint central |
||
zohocorp manageengine remote monitoring and management |
||
zohocorp manageengine os deployer |
||
zohocorp manageengine remote access plus |
||
zohocorp manageengine mobile device manager plus |
||
zohocorp manageengine application control plus |
||
zohocorp manageengine vulnerability manager plus |
||
zohocorp manageengine browser security plus |
||
zohocorp manageengine patch manager plus |
||
zohocorp manageengine device control plus |
||
zohocorp manageengine endpoint dlp plus |
||
zohocorp manageengine adselfservice plus 6.3 |
||
zohocorp manageengine adselfservice plus |
||
zohocorp manageengine admanager plus |
||
zohocorp manageengine admanager plus 7.2 |
||
zohocorp manageengine adaudit plus 7.2 |
||
zohocorp manageengine adaudit plus |
||
zohocorp manageengine cloud security plus 4.1 |
||
zohocorp manageengine cloud security plus |
||
zohocorp manageengine datasecurity plus 6.1 |
||
zohocorp manageengine datasecurity plus |
||
zohocorp manageengine exchange reporter plus 5.7 |
||
zohocorp manageengine exchange reporter plus |
||
zohocorp manageengine m365 manager plus 4.5 |
||
zohocorp manageengine m365 manager plus |
||
zohocorp manageengine m365 security plus 4.5 |
||
zohocorp manageengine m365 security plus |
||
zohocorp manageengine sharepoint manager plus 4.4 |
||
zohocorp manageengine sharepoint manager plus |
||
zohocorp manageengine recoverymanager plus |
||
zohocorp manageengine recoverymanager plus 6.0 |
||
zohocorp manageengine log360 ueba 4.0 |
||
zohocorp manageengine log360 ueba |
||
zohocorp manageengine patch connect plus 9.0.0 |
||
zohocorp manageengine secure gateway server 9.0 |
||
zohocorp manageengine secure gateway server |
||
zohocorp manageengine_opmanager |
||
zohocorp manageengine_opmanager 12.5 |
||
zohocorp manageengine_opmanager 12.7 |
||
zohocorp manageengine_oputils |
||
zohocorp manageengine_oputils 12.5 |
||
zohocorp manageengine_oputils 12.7 |
||
zohocorp manageengine_firewall_analyzer |
||
zohocorp manageengine_firewall_analyzer 12.5 |
||
zohocorp manageengine_firewall_analyzer 12.7 |
||
zohocorp manageengine_netflow_analyzer |
||
zohocorp manageengine_netflow_analyzer 12.5 |
||
zohocorp manageengine_netflow_analyzer 12.7 |
||
zohocorp manageengine_network_configuration_manager |
||
zohocorp manageengine_network_configuration_manager 12.5 |
||
zohocorp manageengine_network_configuration_manager 12.7 |
||
zohocorp manageengine servicedesk plus 14.3 |
||
zohocorp manageengine servicedesk plus |
||
zohocorp manageengine assetexplorer 7.0 |
||
zohocorp manageengine assetexplorer |
||
zohocorp manageengine servicedesk plus msp |
||
zohocorp manageengine servicedesk plus msp 14.3 |
||
zohocorp manageengine access manager plus 4.3 |
||
zohocorp manageengine access manager plus |
||
zohocorp manageengine supportcenter plus |
||
zohocorp manageengine supportcenter plus 14.3 |
||
zohocorp manageengine pam360 |
||
zohocorp manageengine password manager pro |
Vulmon