Vulnerabilities > CVE-2020-8422 - Unspecified vulnerability in Zohocorp Manageengine Remote Access Plus

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

zohocorp

NVD

Published: 2020-01-31

Updated: 2021-07-21

Summary

An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).

Vulnerable Configurations

Part	Description	Count
Application	Zohocorp Zohocorp Manageengine Remote Access Plus - Zohocorp Manageengine Remote Access Plus 10.0.252 Zohocorp Manageengine Remote Access Plus 10.0.253 Zohocorp Manageengine Remote Access Plus 10.0.254 Zohocorp Manageengine Remote Access Plus 10.0.255 Zohocorp Manageengine Remote Access Plus 10.0.256 Zohocorp Manageengine Remote Access Plus 10.0.257 Zohocorp Manageengine Remote Access Plus 10.0.258 Zohocorp Manageengine Remote Access Plus 10.0.259 Zohocorp Manageengine Remote Access Plus 10.0.415 Zohocorp Manageengine Remote Access Plus 10.0.416 Zohocorp Manageengine Remote Access Plus 10.0.421 Zohocorp Manageengine Remote Access Plus 10.0.422 Zohocorp Manageengine Remote Access Plus 10.0.428 Zohocorp Manageengine Remote Access Plus 10.0.430 Zohocorp Manageengine Remote Access Plus 10.0.431 Zohocorp Manageengine Remote Access Plus 10.0.432 Zohocorp Manageengine Remote Access Plus 10.0.433 Zohocorp Manageengine Remote Access Plus 10.0.434 Zohocorp Manageengine Remote Access Plus 10.0.435 Zohocorp Manageengine Remote Access Plus 10.0.436 Zohocorp Manageengine Remote Access Plus 10.0.440 Zohocorp Manageengine Remote Access Plus 10.0.447 Zohocorp Manageengine Remote Access Plus 10.0.448	24

Summary

Vulnerable Configurations

References