First published: Fri Jan 31 2020(Updated: )
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp Manageengine Remote Access Plus | <10.0.450 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
An authorization issue was discovered in the Credential Manager feature.
The severity of CVE-2020-8422 is medium with a CVSS score of 4.3.
The vulnerability allows a user with the Guest role to extract the collection of all defined credentials of remote machines.
The affected version of Zoho ManageEngine Remote Access Plus is up to exclusive version 10.0.450.
Yes, you can find more information about CVE-2020-8422 in the following references: [link1](https://excellium-services.com/cert-xlm-advisory/CVE-2020-8422), [link2](https://excellium-services.com/cert-xlm-advisory/cve-2020-8422/).