CVE-2016-1159

moderate-risk

Published 2020-03-09

In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.

Do I need to act?

0.48% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (4)

Manageengine Password Manager Pro

Affected Vendors

Zohocorp

References (8)

Third Party Advisory http://jvn.jp/vu/JVNVU90405898/index.html

Third Party Advisory https://excellium-services.com/cert-xlm-advisory/cve-2016-1159/

Vendor Advisory https://www.manageengine.com/products/passwordmanagerpro/issues-fixed.html

Release Notes https://www.manageengine.com/products/passwordmanagerpro/release-notes.html

Third Party Advisory http://jvn.jp/vu/JVNVU90405898/index.html

Third Party Advisory https://excellium-services.com/cert-xlm-advisory/cve-2016-1159/

Vendor Advisory https://www.manageengine.com/products/passwordmanagerpro/issues-fixed.html

Release Notes https://www.manageengine.com/products/passwordmanagerpro/release-notes.html

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 2/34 · Minimal

Exposure 10/34 · Low