Server Side Request Forgery in Zoho ManageEngine AssetExplorer
CVE-2019-12959

8.8HIGH

Key Information:

Vendor: Zohocorp
Status: Manageengine Assetexplorer
Vendor: CVE Published:; 8 August 2019

What is CVE-2019-12959?

A Server Side Request Forgery (SSRF) vulnerability exists in Zoho ManageEngine AssetExplorer versions up to 6.2.0, allowing attackers to send unauthorized requests by manipulating URLs through a parameter in the ClientUtilServlet servlet. Exploiting this vulnerability could lead to sensitive information disclosure, as it enables an attacker to access internal services that would typically be unreachable.

References

https://excellium-services.com/cert-xlm-advisory/cve-2019...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2019
Vulnerability Reserved
Jun 25, 2019

Zohocorp

What is CVE-2019-12959?

References

CVSS V3.1

Timeline