Credential Disclosure Vulnerability in ManageEngine DeviceExpert by Zoho Corporation
CVE-2014-5377

Currently unrated

Key Information:

Vendor

Manageengine
Status
Device Expert
Vendor
CVE Published:
4 September 2014

What is CVE-2014-5377?

A vulnerability in ManageEngine DeviceExpert prior to version 5.9 build 5981 allows remote attackers to exploit a direct request through the ReadUsersFromMasterServlet endpoint. This could potentially result in unauthorized exposure of valid user account credentials, enhancing the risk of further attacks on the system. Organizations using affected versions are advised to upgrade to a fixed version to mitigate this security risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.exploit-db.com/exploits/34449
exploitx_refsource_EXPLOIT-DB
http://www.manageengine.com/products/device-expert/releas...
x_refsource_MISC
http://packetstormsecurity.com/files/128019/ManageEngine-...
x_refsource_MISC

EPSS Score

67% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.