CVE-2019-10273
MEDIUM
Zohocorp ManageEngine ServiceDesk Plus - Authentication Bypass
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw in the way authentication is handled, an attacker is able to log in and verify any active account.
References (3)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://0x445.github.io/CVE-2019-10273/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46674/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html
Scores
CVSS v3
4.3
EPSS
0.1370
EPSS Percentile
94.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-287
Status
published
Products (1)
zohocorp/manageengine_servicedesk_plus
9.3
Published
Apr 04, 2019
Tracked Since
Feb 18, 2026