Unrated severityNVD Advisory· Published May 21, 2019· Updated Aug 4, 2024
CVE-2019-12252
CVE-2019-12252
Description
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Zoho/ManageEngine ServiceDesk Plusdescription
- Range: <=10.5
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.htmlmitrex_refsource_MISC
- www.securityfocus.com/bid/108456mitrevdb-entryx_refsource_BID
- www.manageengine.com/products/service-desk/readme.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.