Medium
Zoho ManageEngine Service Plus could allow a remote authenticated attacker to obtain sensitive information. By sending a getFileProtectionSettings call to AjaxServlet, a remote attacker could exploit this vulnerability to obtain the File Protection password.
Information Disclosure
Zoho
Zoho ManageEngine Service Plus 11.1 Build 11110
Upgrade to the latest version of Zoho ManageEngine Service Plus (11.1 build 11112 or later),