Vulnerability Description
ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.
CVSS Score
8.8
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Servicedesk Plus | <= 8.2 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN89726415/index.htmlThird Party AdvisoryVDB Entry
- http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000170.htmlThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/93215Third Party AdvisoryVDB Entry
- https://www.manageengine.com/products/service-desk/readme-9.0.html
- http://jvn.jp/en/jp/JVN89726415/index.htmlThird Party AdvisoryVDB Entry
- http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000170.htmlThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/93215Third Party AdvisoryVDB Entry
- https://www.manageengine.com/products/service-desk/readme-9.0.html
FAQ
What is CVE-2016-4889?
CVE-2016-4889 is a vulnerability with a CVSS score of 8.8 (HIGH). ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.
How severe is CVE-2016-4889?
CVE-2016-4889 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-4889?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Servicedesk Plus.