What is CVE-2019-17112?

CVE-2019-17112 is an issue discovered in Zoho ManageEngine DataSecurity Plus before version 5.0.1 5012 that allows a basic user with "Operator" access level to access the configuration file of the mail server (except for the password).

How severe is CVE-2019-17112?

CVE-2019-17112 has a severity value of 4.3, which is considered medium.

Which software versions are affected by CVE-2019-17112?

Zoho ManageEngine DataSecurity Plus versions 4.0-4000 to 5.0-5011 are affected by CVE-2019-17112.

How can I fix CVE-2019-17112?

To fix CVE-2019-17112, update Zoho ManageEngine DataSecurity Plus to version 5.0.1 5012 or later.

Where can I find more information about CVE-2019-17112?

You can find more information about CVE-2019-17112 at the following references: - https://excellium-services.com/cert-xlm-advisory/cve-2019-17112/ - https://www.manageengine.com/data-security/release-notes.html

Vulnerability/
CVE-2019-17112

medium

4.3

CWE

552

9/10/2019

5/8/2024

CVE-2019-17112

First published: Wed Oct 09 2019(Updated: )

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password).

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zohocorp Manageengine Datasecurity Plus	=4.0-4000
Zohocorp Manageengine Datasecurity Plus	=4.0-4002
Zohocorp Manageengine Datasecurity Plus	=4.0-4010
Zohocorp Manageengine Datasecurity Plus	=4.0-4015
Zohocorp Manageengine Datasecurity Plus	=4.0-4016
Zohocorp Manageengine Datasecurity Plus	=4.1-4100
Zohocorp Manageengine Datasecurity Plus	=4.1-4101
Zohocorp Manageengine Datasecurity Plus	=4.1-4110
Zohocorp Manageengine Datasecurity Plus	=4.1-4111
Zohocorp Manageengine Datasecurity Plus	=4.1-4120
Zohocorp Manageengine Datasecurity Plus	=4.2-4200
Zohocorp Manageengine Datasecurity Plus	=4.2-4201
Zohocorp Manageengine Datasecurity Plus	=4.2-4210
Zohocorp Manageengine Datasecurity Plus	=4.2-4211
Zohocorp Manageengine Datasecurity Plus	=4.3-4300
Zohocorp Manageengine Datasecurity Plus	=4.3-4301
Zohocorp Manageengine Datasecurity Plus	=4.3-4302
Zohocorp Manageengine Datasecurity Plus	=5.0-5000
Zohocorp Manageengine Datasecurity Plus	=5.0-5001
Zohocorp Manageengine Datasecurity Plus	=5.0-5002
Zohocorp Manageengine Datasecurity Plus	=5.0-5003
Zohocorp Manageengine Datasecurity Plus	=5.0-5004
Zohocorp Manageengine Datasecurity Plus	=5.0-5010
Zohocorp Manageengine Datasecurity Plus	=5.0-5011

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-17112?
CVE-2019-17112 is an issue discovered in Zoho ManageEngine DataSecurity Plus before version 5.0.1 5012 that allows a basic user with "Operator" access level to access the configuration file of the mail server (except for the password).
How severe is CVE-2019-17112?
CVE-2019-17112 has a severity value of 4.3, which is considered medium.
Which software versions are affected by CVE-2019-17112?
Zoho ManageEngine DataSecurity Plus versions 4.0-4000 to 5.0-5011 are affected by CVE-2019-17112.
How can I fix CVE-2019-17112?
To fix CVE-2019-17112, update Zoho ManageEngine DataSecurity Plus to version 5.0.1 5012 or later.
Where can I find more information about CVE-2019-17112?
You can find more information about CVE-2019-17112 at the following references: - https://excellium-services.com/cert-xlm-advisory/cve-2019-17112/ - https://www.manageengine.com/data-security/release-notes.html

collector/nvd-index
agent/weakness
agent/references
agent/severity
agent/author
agent/type
agent/tags
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/zohocorp
canonical/zohocorp manageengine datasecurity plus
version/zohocorp manageengine datasecurity plus/4.0-4000
version/zohocorp manageengine datasecurity plus/4.0-4002
version/zohocorp manageengine datasecurity plus/4.0-4010
version/zohocorp manageengine datasecurity plus/4.0-4015
version/zohocorp manageengine datasecurity plus/4.0-4016
version/zohocorp manageengine datasecurity plus/4.1-4100
version/zohocorp manageengine datasecurity plus/4.1-4101
version/zohocorp manageengine datasecurity plus/4.1-4110
version/zohocorp manageengine datasecurity plus/4.1-4111
version/zohocorp manageengine datasecurity plus/4.1-4120
version/zohocorp manageengine datasecurity plus/4.2-4200
version/zohocorp manageengine datasecurity plus/4.2-4201
version/zohocorp manageengine datasecurity plus/4.2-4210
version/zohocorp manageengine datasecurity plus/4.2-4211
version/zohocorp manageengine datasecurity plus/4.3-4300
version/zohocorp manageengine datasecurity plus/4.3-4301
version/zohocorp manageengine datasecurity plus/4.3-4302
version/zohocorp manageengine datasecurity plus/5.0-5000
version/zohocorp manageengine datasecurity plus/5.0-5001
version/zohocorp manageengine datasecurity plus/5.0-5002
version/zohocorp manageengine datasecurity plus/5.0-5003
version/zohocorp manageengine datasecurity plus/5.0-5004
version/zohocorp manageengine datasecurity plus/5.0-5010
version/zohocorp manageengine datasecurity plus/5.0-5011