Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
Zoho Application Control Plus 安全漏洞
Vulnerability Description
zoho application control plus是中国卓豪(zoho)的一套企业应用控制软件。该软件根据特定的控制规则,可以自动生成和维护应用白名单和黑名单。 Zoho Application Control Plus 10.0.511之前版本存在安全漏洞。 该漏洞源于元素配置功能(用于配置产品管理的元素范围中包含的元素)使攻击者可以检索产品中配置的IP范围和子网的完整列表,从而获得有关内部网络制图的信息。 该产品具有访问权限。
CVSS Information
N/A
Vulnerability Type
N/A