JVNDB-2016-003380
|
ManageEngine Password Manager Pro vulnerable to cross-site request forgery
|
ManageEngine Password Manager Pro contains a cross-site request forgery vulnerability.
ManageEngine Password Manager Pro provided by Zoho Corporation contains a cross-site request forgery vulnerability (CWE-352).
CWE-352: Cross-Site Request Forgery (CSRF)
https://cwe.mitre.org/data/definitions/352.html
|
CVSS V3 Severity: Base Metrics 8.0 (High) [NVD Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity: Base Metrics 6.0 (Medium) [NVD Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: Single Instance
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
Zoho Corporation
- ManageEngine Password Manager Pro versions prior to 8.5 (Build 8500)
|
If a user accesses a malicious URL while logged in, unintended operations such as adding a new user account or deleting an existing account may be performed.
|
[Update the Software]
This vulnerability has been addressed in Password Manager Pro 8.5 (Build 8500).
Update to the latest version according to the information provided by the developer.
|
Zoho Corporation
|
- Cross-Site Request Forgery (CWE-352) [NVD Evaluation]
|
- CVE-2016-1161
|
- JVN : JVNVU#95113461
- National Vulnerability Database (NVD) : CVE-2016-1161
- Related document : CVE-2016-1161 - Abstract Advisory Information
|
- [2016/12/05]
  Web page was published
- [2017/05/23]
  CVSS Severity was modified
  References : Content was added
|