CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 1CVE-2018-11716
https://notcve.org/view.php?id=CVE-2018-11716
16 Jul 2018 — An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 100230. Hay un acceso remoto no autenticado a todos los archivos de registro de una instancia Desktop ... • https://blog.netxp.fr/manageengine-deep-exploitation • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 1CVE-2018-11717
https://notcve.org/view.php?id=CVE-2018-11717
16 Jul 2018 — An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the EAS account (an AD account used to send mail), the cleartext password of recovery_password of Android devices, the cleartext password of account "set", the location of devices enrolled in the platform (with UUID ... • https://blog.netxp.fr/manageengine-deep-exploitation • CWE-532: Insertion of Sensitive Information into Log File •