CVE-2020-13154
First published: Mon May 18 2020(Updated: )
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Servicedesk Plus | =11.1 | |
| Zohocorp Manageengine Servicedesk Plus | =11.1-11100 | |
| Zohocorp Manageengine Servicedesk Plus | =11.1-11101 | |
| Zohocorp Manageengine Servicedesk Plus | =11.1-11102 | |
| Zohocorp Manageengine Servicedesk Plus | =11.1-11103 | |
| Zohocorp Manageengine Servicedesk Plus | =11.1-11104 | |
| Zohocorp Manageengine Servicedesk Plus | =11.1-11105 | |
| Zohocorp Manageengine Servicedesk Plus | =11.1-11106 | |
| Zohocorp Manageengine Servicedesk Plus | =11.1-11107 | |
| Zohocorp Manageengine Servicedesk Plus | =11.1-11108 | |
| Zohocorp Manageengine Servicedesk Plus | =11.1-11109 | |
| Zohocorp Manageengine Servicedesk Plus | =11.1-11110 | |
| Zohocorp Manageengine Servicedesk Plus | =11.1-11111 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2020-13154.
What is the severity of CVE-2020-13154?
The severity of CVE-2020-13154 is medium, with a severity value of 6.5.
How does CVE-2020-13154 affect Zoho ManageEngine Service Plus?
CVE-2020-13154 allows low-privilege authenticated users of Zoho ManageEngine Service Plus to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
Which versions of Zoho ManageEngine Service Plus are affected by CVE-2020-13154?
Zoho ManageEngine Service Plus versions 11.1 to 11.1 build 11111 are affected by CVE-2020-13154.
How can I fix CVE-2020-13154?
To fix CVE-2020-13154, update Zoho ManageEngine Service Plus to version 11.1 build 11112 or later.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/zohocorp
- canonical/zohocorp manageengine servicedesk plus
- version/zohocorp manageengine servicedesk plus/11.1
- version/zohocorp manageengine servicedesk plus/11.1-11100
- version/zohocorp manageengine servicedesk plus/11.1-11101
- version/zohocorp manageengine servicedesk plus/11.1-11102
- version/zohocorp manageengine servicedesk plus/11.1-11103
- version/zohocorp manageengine servicedesk plus/11.1-11104
- version/zohocorp manageengine servicedesk plus/11.1-11105
- version/zohocorp manageengine servicedesk plus/11.1-11106
- version/zohocorp manageengine servicedesk plus/11.1-11107
- version/zohocorp manageengine servicedesk plus/11.1-11108
- version/zohocorp manageengine servicedesk plus/11.1-11109
- version/zohocorp manageengine servicedesk plus/11.1-11110
- version/zohocorp manageengine servicedesk plus/11.1-11111