CVE-2019-12994
CRITICALManageEngine AssetExplorer 6.2.0 - Server-Side Request Forgery via AJaxServlet Parameter
Title source: llmDescription
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.excellium-services.com/cert-xlm-advisory/CVE-2019-12994
Scores
CVSS v3
9.1
EPSS
0.0167
EPSS Percentile
82.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-918
Status
published
Products (1)
zohocorp/manageengine_assetexplorer
6.2.0
Published
Aug 08, 2019
Tracked Since
Feb 18, 2026