Medium severity5.3NVD Advisory· Published May 11, 2018· Updated Jun 17, 2026
CVE-2018-7248
CVE-2018-7248
Description
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not.
Affected products
1- Range: =9.3 Build 9317
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.