CVE-2022-24446
MEDIUM
Zoho ManageEngine Key Manager Plus <6.1.6 - Info Disclosure
Title source: llm
Description
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user with the level Operator can see all SSH servers (and user information) even if no SSH server or user is associated with the operator.
References (3)
Core References
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/cve-2022-24446/
Release Notes, Vendor Advisory
https://www.manageengine.com/key-manager/release-notes.html#6200
Various Sources
https://cds.thalesgroup.com/en/tcs-cert/CVE-2022-24446
Scores
CVSS v3: 4.3
EPSS: 0.0201
EPSS Percentile: 83.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
Status: published
Products (1): zohocorp/manageengine_key_manager_plus 6.1.6 (6 CPE variants)
Published: Mar 01, 2022
Tracked Since: Feb 18, 2026