Vulnerability Description
ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.
CVSS Score
5.3
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Servicedesk Plus | <= 9.1 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN72559412/index.htmlThird Party AdvisoryVDB Entry
- http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000171.htmlThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/93216Third Party AdvisoryVDB Entry
- https://www.manageengine.com/products/service-desk/readme-9.2.html
- http://jvn.jp/en/jp/JVN72559412/index.htmlThird Party AdvisoryVDB Entry
- http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000171.htmlThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/93216Third Party AdvisoryVDB Entry
- https://www.manageengine.com/products/service-desk/readme-9.2.html
FAQ
What is CVE-2016-4890?
CVE-2016-4890 is a vulnerability with a CVSS score of 5.3 (MEDIUM). ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a coo...
How severe is CVE-2016-4890?
CVE-2016-4890 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-4890?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Servicedesk Plus.