Vulnerabilities > CVE-2019-12959 - Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Assetexplorer

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

zohocorp

CWE-918

NVD

Published: 2019-08-08

Updated: 2024-11-21

Summary

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter.

Vulnerable Configurations

Part	Description	Count
Application	Zohocorp Zohocorp Manageengine Assetexplorer - Zohocorp Manageengine Assetexplorer 1.0.34 Zohocorp Manageengine Assetexplorer 4.0 Zohocorp Manageengine Assetexplorer 5.6 Zohocorp Manageengine Assetexplorer 6.1	47

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://excellium-services.com/cert-xlm-advisory/cve-2019-12959/
https://excellium-services.com/cert-xlm-advisory/cve-2019-12959/