CVE-2019-7161
HIGHZoho ManageEngine ADSelfService Plus <5.x - Info Disclosure
Title source: llmDescription
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.
References (4)
Core 4
Core References
Various Sources
https://www.excellium-services.com/cert-xlm-advisory
Various Sources
https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-7161
Third Party Advisory
https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7161/
Patch, Release Notes, Vendor Advisory
https://www.manageengine.com/products/self-service-password/release-notes.html
Scores
CVSS v3
7.5
EPSS
0.0220
EPSS Percentile
84.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-798
Status
published
Products (4)
zohocorp/manageengine_adselfservice_plus
5.0 5000 (12 CPE variants)
zohocorp/manageengine_adselfservice_plus
5.1 5100 (16 CPE variants)
zohocorp/manageengine_adselfservice_plus
5.2 5200 (8 CPE variants)
zohocorp/manageengine_adselfservice_plus
5.3 5300 (14 CPE variants)
Published
Mar 21, 2019
Tracked Since
Feb 18, 2026