First published: Thu May 23 2019
An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp ManageEngine Applications Manager | =12.3 | |
The severity of CVE-2017-11557 is medium with a CVSS score of 5.3.
An unauthenticated user can exploit CVE-2017-11557 by sending a specially crafted request to userconfiguration.do?method=editUser, which allows them to view the list of domain names and usernames used in a company's network environment.
Only version 12.3 of ZOHO ManageEngine Applications Manager is affected by CVE-2017-11557.
No, authentication is not required to exploit CVE-2017-11557.
Yes, a patch or update may be available from ZOHO to fix the vulnerability. It is recommended to check the official ZOHO ManageEngine Applications Manager website for the latest information.