Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZOHO ManageEngine Desktop Central MSP 信息泄露漏洞
Vulnerability Description
ZOHO ManageEngine Desktop Central MSP是美国卓豪(ZOHO)公司的一套面向MSP(管理服务提供商)的桌面机及移动设备管理软件。该软件可帮助MSP远程管理客户网络中的桌面机、服务器以及移动设备,并为各种规模的企业提供差异化的管理服务。 ZOHO ManageEngine Desktop Central MSP 10.0.137版本中存在信息泄露漏洞。远程攻击者可借助/client-data/<client_id>/collections/##/usermgmt.xml U
CVSS Information
N/A
Vulnerability Type
N/A