Rewterz Threat Alert – Greenbug Targets Pakistani Telecom Sector
May 20, 2020Rewterz Threat Alert – WolfRAT Info Stealing Malware
May 21, 2020Rewterz Threat Alert – Greenbug Targets Pakistani Telecom Sector
May 20, 2020Rewterz Threat Alert – WolfRAT Info Stealing Malware
May 21, 2020Severity
Medium
Analysis Summary
Zoho ManageEngine Service Plus could allow a remote authenticated attacker to obtain sensitive information. By sending a getFileProtectionSettings call to AjaxServlet, a remote attacker could exploit this vulnerability to obtain the File Protection password.
Impact
Information Disclosure
Affected Vendors
Zoho
Affected Products
Zoho ManageEngine Service Plus 11.1 Build 11110
Remediation
Upgrade to the latest version of Zoho ManageEngine Service Plus (11.1 build 11112 or later),