CVE-2018-7248
N/A
N/A
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/104287
- https://medium.com/%40esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0
- https://gitlab.com/e-sterling/cve-2018-7248
References
- http://www.securityfocus.com/bid/104287
- https://medium.com/%40esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0
- https://gitlab.com/e-sterling/cve-2018-7248
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.