CVE-2019-12252
First published: Tue May 21 2019(Updated: )
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Servicedesk Plus | <=10.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-12252?
The severity of CVE-2019-12252 is medium with a severity value of 6.5.
How does CVE-2019-12252 affect Zoho ManageEngine ServiceDesk Plus?
CVE-2019-12252 allows users with the lowest privileges (guest) in Zoho ManageEngine ServiceDesk Plus version up to 10.5, to view arbitrary posts by appending its number to a specific URL substring.
What is the affected software for CVE-2019-12252?
The affected software for CVE-2019-12252 is Zohocorp Manageengine Servicedesk Plus version up to 10.5.
How can I fix CVE-2019-12252?
To fix CVE-2019-12252, it is recommended to upgrade Zoho ManageEngine ServiceDesk Plus to a version higher than 10.5.
Is there any additional information available about CVE-2019-12252?
Yes, you can find additional information about CVE-2019-12252 at the following references: [Packet Storm](http://packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.html), [SecurityFocus](http://www.securityfocus.com/bid/108456), [GitHub](https://github.com/tuyenhva/CVE-2019-12252).
- collector/nvd-index
- vendor/zohocorp
- canonical/zohocorp manageengine servicedesk plus
- version/zohocorp manageengine servicedesk plus/10.5