VYPR
Medium severity5.3NVD Advisory· Published May 11, 2018· Updated Jun 17, 2026

CVE-2018-7248

CVE-2018-7248

Description

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not.

Affected products

1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.