{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:26:16.058Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.infigo.hr/upload/web_struktura/Zoho_ManageEngine_Password_Manager_Pro_10.x_CSV_Excel_Macro_Injection.txt",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external application, and do not plan to add CSV constraints to their own products",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-20T03:57:31",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.infigo.hr/upload/web_struktura/Zoho_ManageEngine_Password_Manager_Pro_10.x_CSV_Excel_Macro_Injection.txt",
            },
         ],
         tags: [
            "disputed",
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-9347",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "** DISPUTED ** Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external application, and do not plan to add CSV constraints to their own products.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.infigo.hr/upload/web_struktura/Zoho_ManageEngine_Password_Manager_Pro_10.x_CSV_Excel_Macro_Injection.txt",
                     refsource: "MISC",
                     url: "https://www.infigo.hr/upload/web_struktura/Zoho_ManageEngine_Password_Manager_Pro_10.x_CSV_Excel_Macro_Injection.txt",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-9347",
      datePublished: "2020-03-16T21:44:31",
      dateReserved: "2020-02-23T00:00:00",
      dateUpdated: "2024-08-04T10:26:16.058Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T15:02:36.652Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://blog.viettelcybersecurity.com/saml-show-stopper/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/horizon3ai/CVE-2022-47966",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-47966",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2023-12-22T05:00:59.744032Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2023-01-23",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-47966",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-20",
                        description: "CWE-20 Improper Input Validation",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-13T17:58:23.660Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-11T19:33:35.401552",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6",
            },
            {
               url: "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html",
            },
            {
               url: "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html",
            },
            {
               url: "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html",
            },
            {
               url: "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html",
            },
            {
               url: "https://blog.viettelcybersecurity.com/saml-show-stopper/",
            },
            {
               url: "https://github.com/horizon3ai/CVE-2022-47966",
            },
            {
               url: "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/",
            },
            {
               url: "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a",
            },
            {
               url: "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-47966",
      datePublished: "2023-01-18T00:00:00",
      dateReserved: "2022-12-26T00:00:00",
      dateUpdated: "2024-09-13T17:58:23.660Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:55:08.384Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.manageengine.com/privileged-session-management/advisory/cve-2022-47523.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-05T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://www.manageengine.com/privileged-session-management/advisory/cve-2022-47523.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-47523",
      datePublished: "2023-01-05T00:00:00",
      dateReserved: "2022-12-19T00:00:00",
      dateUpdated: "2024-08-03T14:55:08.384Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:14:39.986Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-40300.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-09-16T22:47:55",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-40300.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-40300",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-40300.html",
                     refsource: "MISC",
                     url: "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-40300.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-40300",
      datePublished: "2022-09-16T22:47:55",
      dateReserved: "2022-09-09T00:00:00",
      dateUpdated: "2024-08-03T12:14:39.986Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T11:04:27.709Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140819 [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2014/Aug/55",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc_pmp_it360_sqli.txt",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://raw.githubusercontent.com/pedrib/PoC/master/msf_modules/manageengine_dc_pmp_sqli.rb",
               },
               {
                  name: "20140830 Re: [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2014/Aug/85",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-08-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-05-12T14:57:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20140819 [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2014/Aug/55",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc_pmp_it360_sqli.txt",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://raw.githubusercontent.com/pedrib/PoC/master/msf_modules/manageengine_dc_pmp_sqli.rb",
            },
            {
               name: "20140830 Re: [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2014/Aug/85",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-3997",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140819 [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2014/Aug/55",
                  },
                  {
                     name: "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc_pmp_it360_sqli.txt",
                     refsource: "MISC",
                     url: "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc_pmp_it360_sqli.txt",
                  },
                  {
                     name: "https://raw.githubusercontent.com/pedrib/PoC/master/msf_modules/manageengine_dc_pmp_sqli.rb",
                     refsource: "MISC",
                     url: "https://raw.githubusercontent.com/pedrib/PoC/master/msf_modules/manageengine_dc_pmp_sqli.rb",
                  },
                  {
                     name: "20140830 Re: [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2014/Aug/85",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-3997",
      datePublished: "2014-12-05T15:00:00",
      dateReserved: "2014-06-06T00:00:00",
      dateUpdated: "2024-08-06T11:04:27.709Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T23:58:21.426Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.manageengine.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11200",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://herolab.usd.de/security-advisories/usd-2021-0015/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-31T16:55:50",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.manageengine.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11200",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://herolab.usd.de/security-advisories/usd-2021-0015/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-33617",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.manageengine.com",
                     refsource: "MISC",
                     url: "https://www.manageengine.com",
                  },
                  {
                     name: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11200",
                     refsource: "MISC",
                     url: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11200",
                  },
                  {
                     name: "https://herolab.usd.de/security-advisories/usd-2021-0015/",
                     refsource: "MISC",
                     url: "https://herolab.usd.de/security-advisories/usd-2021-0015/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-33617",
      datePublished: "2021-07-31T16:55:50",
      dateReserved: "2021-05-28T00:00:00",
      dateUpdated: "2024-08-03T23:58:21.426Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:50:02.932Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/132511/ManageEngine-Password-Manager-Pro-8.1-SQL-Injection.html",
               },
               {
                  name: "20150630 ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2015/Jun/104",
               },
               {
                  name: "75692",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/75692",
               },
               {
                  name: "20150703 Re: [##2255763##] ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2015/Jul/19",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-06-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-05T20:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/132511/ManageEngine-Password-Manager-Pro-8.1-SQL-Injection.html",
            },
            {
               name: "20150630 ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2015/Jun/104",
            },
            {
               name: "75692",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/75692",
            },
            {
               name: "20150703 Re: [##2255763##] ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2015/Jul/19",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2015-5459",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/132511/ManageEngine-Password-Manager-Pro-8.1-SQL-Injection.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/132511/ManageEngine-Password-Manager-Pro-8.1-SQL-Injection.html",
                  },
                  {
                     name: "20150630 ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2015/Jun/104",
                  },
                  {
                     name: "75692",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/75692",
                  },
                  {
                     name: "20150703 Re: [##2255763##] ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2015/Jul/19",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-5459",
      datePublished: "2015-07-08T15:00:00",
      dateReserved: "2015-07-08T00:00:00",
      dateUpdated: "2024-08-06T06:50:02.932Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:26:16.069Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.manageengine.com/products/passwordmanagerpro/issues-fixed.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.infigo.hr/upload/web_struktura/Zoho_ManageEngine_Password_Manager_Pro_10.4_CSRF.txt",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-20T03:59:07",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.manageengine.com/products/passwordmanagerpro/issues-fixed.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.infigo.hr/upload/web_struktura/Zoho_ManageEngine_Password_Manager_Pro_10.4_CSRF.txt",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-9346",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.manageengine.com/products/passwordmanagerpro/issues-fixed.html",
                     refsource: "MISC",
                     url: "https://www.manageengine.com/products/passwordmanagerpro/issues-fixed.html",
                  },
                  {
                     name: "https://www.infigo.hr/upload/web_struktura/Zoho_ManageEngine_Password_Manager_Pro_10.4_CSRF.txt",
                     refsource: "MISC",
                     url: "https://www.infigo.hr/upload/web_struktura/Zoho_ManageEngine_Password_Manager_Pro_10.4_CSRF.txt",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-9346",
      datePublished: "2020-03-16T21:42:06",
      dateReserved: "2020-02-23T00:00:00",
      dateUpdated: "2024-08-04T10:26:16.069Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T20:59:17.523Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-12-15T19:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-17698",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
                     refsource: "CONFIRM",
                     url: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-17698",
      datePublished: "2017-12-15T19:00:00Z",
      dateReserved: "2017-12-15T00:00:00Z",
      dateUpdated: "2024-09-16T16:22:29.752Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T23:10:30.563Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-04-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-18T18:00:42",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-12133",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html",
                     refsource: "CONFIRM",
                     url: "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html",
                  },
                  {
                     name: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md",
                     refsource: "MISC",
                     url: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-12133",
      datePublished: "2019-06-18T21:27:25",
      dateReserved: "2019-05-15T00:00:00",
      dateUpdated: "2024-08-04T23:10:30.563Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:40:06.140Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-43672.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-12T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-43672.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-43672",
      datePublished: "2022-11-12T00:00:00",
      dateReserved: "2022-10-24T00:00:00",
      dateUpdated: "2024-08-03T13:40:06.140Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T09:36:44.093Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-35405",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-28T21:46:55.411915Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2022-09-22",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-35405",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-502",
                        description: "CWE-502 Deserialization of Untrusted Data",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-28T21:48:56.539Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-03T17:06:34.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-35405",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html",
                     refsource: "MISC",
                     url: "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-35405",
      datePublished: "2022-07-19T14:51:47.000Z",
      dateReserved: "2022-07-08T00:00:00.000Z",
      dateUpdated: "2025-01-28T21:48:56.539Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T16:18:43.478Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugbounty.zoho.com/bb/#/bug/101000003619211",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11002",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2020-27449",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-09T19:16:03.114274Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-09T19:16:09.954Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-11T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://bugbounty.zoho.com/bb/#/bug/101000003619211",
            },
            {
               url: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11002",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-27449",
      datePublished: "2023-08-11T00:00:00",
      dateReserved: "2020-10-21T00:00:00",
      dateUpdated: "2024-10-09T19:16:09.954Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:48:13.005Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://excellium-services.com/cert-xlm-advisory/cve-2016-1159/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://jvn.jp/vu/JVNVU90405898/index.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.manageengine.com/products/passwordmanagerpro/issues-fixed.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Password Manager Pro (PMP)",
               vendor: "ZOHO",
               versions: [
                  {
                     status: "affected",
                     version: "8.3.0 (Build 8303",
                  },
                  {
                     status: "affected",
                     version: "8.4.0 (Build 8400",
                  },
                  {
                     status: "affected",
                     version: "8401",
                  },
                  {
                     status: "affected",
                     version: "8402).",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "obtain sensitive information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-09T16:29:51",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://excellium-services.com/cert-xlm-advisory/cve-2016-1159/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://jvn.jp/vu/JVNVU90405898/index.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.manageengine.com/products/passwordmanagerpro/issues-fixed.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2016-1159",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Password Manager Pro (PMP)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "8.3.0 (Build 8303",
                                       },
                                       {
                                          version_value: "8.4.0 (Build 8400",
                                       },
                                       {
                                          version_value: "8401",
                                       },
                                       {
                                          version_value: "8402).",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "ZOHO",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "obtain sensitive information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://excellium-services.com/cert-xlm-advisory/cve-2016-1159/",
                     refsource: "MISC",
                     url: "https://excellium-services.com/cert-xlm-advisory/cve-2016-1159/",
                  },
                  {
                     name: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
                     refsource: "MISC",
                     url: "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
                  },
                  {
                     name: "http://jvn.jp/vu/JVNVU90405898/index.html",
                     refsource: "MISC",
                     url: "http://jvn.jp/vu/JVNVU90405898/index.html",
                  },
                  {
                     name: "https://www.manageengine.com/products/passwordmanagerpro/issues-fixed.html",
                     refsource: "CONFIRM",
                     url: "https://www.manageengine.com/products/passwordmanagerpro/issues-fixed.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2016-1159",
      datePublished: "2020-03-09T16:29:51",
      dateReserved: "2015-12-26T00:00:00",
      dateUpdated: "2024-08-05T22:48:13.005Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:18:48.324Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "71016",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/71016",
               },
               {
                  name: "114483",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/show/osvdb/114483",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html",
               },
               {
                  name: "20141109 [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2014/Nov/18",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt",
               },
               {
                  name: "passwordmanager-cve20148498-sql-injection(98596)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98596",
               },
               {
                  name: "35210",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "http://www.exploit-db.com/exploits/35210",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-11-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-07T15:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "71016",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/71016",
            },
            {
               name: "114483",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/show/osvdb/114483",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html",
            },
            {
               name: "20141109 [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2014/Nov/18",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt",
            },
            {
               name: "passwordmanager-cve20148498-sql-injection(98596)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98596",
            },
            {
               name: "35210",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "http://www.exploit-db.com/exploits/35210",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-8498",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "71016",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/71016",
                  },
                  {
                     name: "114483",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/show/osvdb/114483",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html",
                  },
                  {
                     name: "20141109 [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2014/Nov/18",
                  },
                  {
                     name: "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt",
                     refsource: "MISC",
                     url: "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt",
                  },
                  {
                     name: "passwordmanager-cve20148498-sql-injection(98596)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98596",
                  },
                  {
                     name: "35210",
                     refsource: "EXPLOIT-DB",
                     url: "http://www.exploit-db.com/exploits/35210",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-8498",
      datePublished: "2014-11-17T16:00:00",
      dateReserved: "2014-10-28T00:00:00",
      dateUpdated: "2024-08-06T13:18:48.324Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T08:21:17.671Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/research/tra-2023-35",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Service Desk Plus",
               vendor: "ManageEngine",
               versions: [
                  {
                     lessThan: "14304",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "Asset Explorer",
               vendor: "ManageEngine",
               versions: [
                  {
                     lessThan: "7004",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "Access Manager Plus",
               vendor: "ManageEngine",
               versions: [
                  {
                     lessThan: "14304",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.<br>",
                  },
               ],
               value: "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-176",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-176 Configuration/Environment Manipulation",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-26T19:58:04.015Z",
            orgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            shortName: "tenable",
         },
         references: [
            {
               url: "https://www.tenable.com/security/research/tra-2023-35",
            },
            {
               url: "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "ManageEngine Information Disclosure in Multiple Products",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
      assignerShortName: "tenable",
      cveId: "CVE-2023-6105",
      datePublished: "2023-11-15T20:57:47.981Z",
      dateReserved: "2023-11-13T15:10:28.339Z",
      dateUpdated: "2025-02-13T17:26:03.759Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}