CVE-2019-17112
MEDIUMZoho ManageEngine DataSecurity Plus <5.0.1 5012 - Info Disclosure
Title source: llmDescription
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password).
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.manageengine.com/data-security/release-notes.html
Third Party Advisory x_refsource_misc
https://excellium-services.com/cert-xlm-advisory/cve-2019-17112/
Scores
CVSS v3
4.3
EPSS
0.0065
EPSS Percentile
71.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-552
Status
published
Products (5)
zohocorp/manageengine_datasecurity_plus
4.0 4000 (5 CPE variants)
zohocorp/manageengine_datasecurity_plus
4.1 4100 (5 CPE variants)
zohocorp/manageengine_datasecurity_plus
4.2 4200 (4 CPE variants)
zohocorp/manageengine_datasecurity_plus
4.3 4300 (3 CPE variants)
zohocorp/manageengine_datasecurity_plus
5.0 5000 (7 CPE variants)
Published
Oct 09, 2019
Tracked Since
Feb 18, 2026