CVE-2016-4890

EPSS 3%
Published 14.04.2017 18:59:00
Last modified 20.04.2025 01:37:25
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.

Affected products Warnungen 0 Metrics 3 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Servicedesk Plus Version <= 9.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3%	0.853

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

https://www.manageengine.com/products/service-desk/readme-9.2.html

http://jvn.jp/en/jp/JVN72559412/index.html

Third Party Advisory

VDB Entry

http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000171.html

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/93216

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-4890

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-4890

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-4890

EUVD