CVE-2019-10008
N/A
N/A
Summary
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.manageengine.com/products/service-desk/readme.html
- https://www.exploit-db.com/exploits/46659
References
- https://www.manageengine.com/products/service-desk/readme.html
- https://www.exploit-db.com/exploits/46659
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.