eLeN3Re/CVE-2020-13154

Releases0

Zoho ManageEngine Service Desk Plus 11.1 build 11111 and before allow low privileged authenticated users to disclose File Protection password.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-13154 ↗	May 18, 2020Monday, 18 May 2020, 22:15	6.5 MEDIUM	4 MEDIUM
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.