Vulnerabilities > CVE-2019-12959 - Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Assetexplorer 4.0/5.6/6.1

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

zohocorp

CWE-918

NVD

Published: 2019-08-08

Updated: 2019-08-16

Summary

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter.

Vulnerable Configurations

Part	Description	Count
Application	Zohocorp Zohocorp Manageengine Assetexplorer 4.0 Zohocorp Manageengine Assetexplorer 5.6 Zohocorp Manageengine Assetexplorer 6.1	45

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://excellium-services.com/cert-xlm-advisory/cve-2019-12959/