CVE-2018-11716
CRITICALZohocorp Manageengine Desktop Central - Log Information Exposure
Title source: ruleDescription
An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://blog.netxp.fr/manageengine-deep-exploitation/
Vendor Advisory x_refsource_confirm
https://www.manageengine.com/products/desktop-central/vulnerability-in-log-files.html
Scores
CVSS v3
9.8
EPSS
0.0905
EPSS Percentile
92.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-532
Status
published
Products (1)
zohocorp/manageengine_desktop_central
< 100230
Published
Jul 16, 2018
Tracked Since
Feb 18, 2026