CVE-2014-5377 – ManageEngine DeviceExpert 5.9 - User Credential Disclosure

https://notcve.org/view.php?id=CVE-2014-5377

ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request. ReadUsersFromMasterServlet en ManageEngine DeviceExpert anterior a 5.9 build 5981 permite a atacantes remotos obtener las credenciales de las cuentas de los usuarios a través de una solicitud directa. • https://www.exploit-db.com/exploits/34449 http://packetstormsecurity.com/files/128019/ManageEngine-DeviceExpert-5.9-Credential-Disclosure.html http://seclists.org/fulldisclosure/2014/Aug/75 http://seclists.org/fulldisclosure/2014/Aug/76 http://seclists.org/fulldisclosure/2014/Aug/84 http://www.exploit-db.com/exploits/34449 http://www.manageengine.com/products/device-expert/release-notes.html http://www.securityfocus.com/archive/1/533250/100/0/threaded http://www.securityfocus.com/bid/694 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •