CVE-2018-11716
First published: Mon Jul 16 2018(Updated: )
An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Desktop Central | <100230 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-11716?
The severity of CVE-2018-11716 is critical (9.8).
How can an unauthenticated attacker access log files in Zoho ManageEngine Desktop Central?
An unauthenticated remote attacker can access log files in Zoho ManageEngine Desktop Central.
What kind of information can be found in the log files of Zoho ManageEngine Desktop Central?
The log files of Zoho ManageEngine Desktop Central may contain critical information such as private information, location of enrolled devices, cleartext passwords, patching level, etc.
What is the affected software version of CVE-2018-11716?
The affected software version of CVE-2018-11716 is Zoho ManageEngine Desktop Central before 100230.
Is authentication required to exploit CVE-2018-11716?
No, authentication is not required to exploit CVE-2018-11716.
- collector/nvd-index
- vendor/zohocorp
- canonical/zohocorp manageengine desktop central