Vulnerabilities related to Zoho Corporation - ManageEngine Password Manager Pro
jvndb-2016-002331
Vulnerability from jvndb
Published
2016-12-05 15:02
Modified
2016-12-05 15:02
Severity ?
Summary
ManageEngine Password Manager Pro fails to restrict access permissions
Details
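ManageEngine Password Manager Pro provided by Zoho Corporation fails to restrict access permissions. The record below classifies this as information exposure (CWE-200) and tracks it as CVE-2016-1159; its CVSS vectors describe a network-reachable issue that requires an authenticated, low-privileged account (Au:S / PR:L) and affects confidentiality only (C:C / C:H, with no integrity or availability impact).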
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-002331.html",
  "dc:date": "2016-12-05T15:02+09:00",
  "dcterms:issued": "2016-12-05T15:02+09:00",
  "dcterms:modified": "2016-12-05T15:02+09:00",
  "description": "ManageEngine Password Manager Pro provided by Zoho Corporation fails to restrict access permissions.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-002331.html",
  "sec:cpe": {
    "#text": "cpe:/a:zohocorp:manageengine_password_manager_pro",
    "@product": "ManageEngine Password Manager Pro",
    "@vendor": "Zoho Corporation",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-002331",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU90405898/index.html",
      "@id": "JVNVU#90405898",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1159",
      "@id": "CVE-2016-1159",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1159#vulnConfigurationsArea",
      "@id": "CVE-2016-1159",
      "@source": "NVD"
    },
    {
      "#text": "http://excellium-services.com/en/cert-xlm-advisory/cve-2016-1159/",
      "@id": "Excellium Services (CVE-2016-1159)",
      "@source": "Related Information"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "ManageEngine Password Manager Pro fails to restrict access permissions"
}

jvndb-2016-003380
Vulnerability from jvndb
Published
2016-12-05 14:32
Modified
2017-05-23 16:23
Severity ?
Summary
ManageEngine Password Manager Pro vulnerable to cross-site request forgery
Details
ManageEngine Password Manager Pro provided by Zoho Corporation contains a cross-site request forgery vulnerability (CWE-352). CWE-352: Cross-Site Request Forgery (CSRF), https://cwe.mitre.org/data/definitions/352.html. The record below tracks this as CVE-2016-1161; its CVSS v3 vector marks user interaction as required (UI:R) and rates the impact on confidentiality, integrity and availability as high.
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-003380.html",
  "dc:date": "2017-05-23T16:23+09:00",
  "dcterms:issued": "2016-12-05T14:32+09:00",
  "dcterms:modified": "2017-05-23T16:23+09:00",
  "description": "ManageEngine Password Manager Pro contains a cross-site request forgery vulnerability.\r\n\r\nManageEngine Password Manager Pro provided by Zoho Corporation contains a cross-site request forgery vulnerability (CWE-352).\r\n\r\nCWE-352: Cross-Site Request Forgery (CSRF)\r\nhttps://cwe.mitre.org/data/definitions/352.html",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-003380.html",
  "sec:cpe": {
    "#text": "cpe:/a:zohocorp:manageengine_password_manager_pro",
    "@product": "ManageEngine Password Manager Pro",
    "@vendor": "Zoho Corporation",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.0",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-003380",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU95113461/index.html",
      "@id": "JVNVU#95113461",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1161",
      "@id": "CVE-2016-1161",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1161",
      "@id": "CVE-2016-1161",
      "@source": "NVD"
    },
    {
      "#text": "http://excellium-services.com/en/cert-xlm-advisory/cve-2016-1161/",
      "@id": "CVE-2016-1161 - Abstract Advisory Information",
      "@source": "Related document"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    }
  ],
  "title": "ManageEngine Password Manager Pro vulnerable to cross-site request forgery"
}