CVE-2020-8422
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).
Se detectó un problema de autorización en la funcionalidad Credential Manager en Zoho ManageEngine Remote Access Plus versiones anteriores a 10.0.450. Un usuario con el rol Invitado puede extraer la colección de todas las credenciales definidas de máquinas remotas: el nombre de credencial, el tipo de credencial, el nombre de usuario, el nombre de dominio y grupo de trabajo y la descripción (pero no la contraseña).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-28 CVE Reserved
- 2020-01-31 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://excellium-services.com/cert-xlm-advisory/CVE-2020-8422 | Third Party Advisory | |
| https://excellium-services.com/cert-xlm-advisory/cve-2020-8422 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zohocorp Search vendor "Zohocorp" | Manageengine Remote Access Plus Search vendor "Zohocorp" for product "Manageengine Remote Access Plus" | < 10.0.450 Search vendor "Zohocorp" for product "Manageengine Remote Access Plus" and version " < 10.0.450" | - |
Affected
| ||||||