CVE-2019-19800

high-risk

Published 2020-02-06

Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.

Do I need to act?

~

8.7% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

5

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Manageengine Applications Manager

Affected Vendors

Zohocorp

References (6)

Third Party Advisory https://gitlab.com/eLeN3Re/CVE-2019-19800/

Product https://www.manageengine.com

Release Notes https://www.manageengine.com/products/applications_manager/release-notes.html

Third Party Advisory https://gitlab.com/eLeN3Re/CVE-2019-19800/

Product https://www.manageengine.com

Release Notes https://www.manageengine.com/products/applications_manager/release-notes.html

58

/ 100

high-risk

Severity 21/34 · High

Exploitability 10/34 · Low

Exposure 27/34 · High