CVE-2023-6105 — MEDIUM (5.5)

Q: How severe is CVE-2023-6105?

CVE-2023-6105 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-6105?

Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Analytics Plus, Zohocorp Manageengine Appcreator, Zohocorp Manageengine Application Control Plus, Zohocorp Manageengine Browser Security Plus, Zohocorp Manageengine Device Control Plus.

Vulnerability Description

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Zohocorp	Manageengine Analytics Plus	< 5.3
Zohocorp	Manageengine Appcreator	< 2.0.0
Zohocorp	Manageengine Application Control Plus	< 11.2.2328.01
Zohocorp	Manageengine Browser Security Plus	< 11.2.2328.01
Zohocorp	Manageengine Device Control Plus	< 11.2.2328.01
Zohocorp	Manageengine Endpoint Central	< 11.2.2322.01
Zohocorp	Manageengine Endpoint Central Msp	< 11.2.2322.01
Zohocorp	Manageengine Endpoint Dlp Plus	< 11.2.2328.01
Zohocorp	Manageengine Mobile Device Manager Plus	< 10.1.2204.2
Zohocorp	Manageengine Os Deployer	< 1.2.2331.1
Zohocorp	Manageengine Patch Manager Plus	< 11.2.2328.01
Zohocorp	Manageengine Remote Access Plus	< 11.2.2328.01
Zohocorp	Manageengine Remote Monitoring And Management	< 10.2.11
Zohocorp	Manageengine Vulnerability Manager Plus	< 11.2.2328.01
Zohocorp	Manageengine Adselfservice Plus	< 6.3
Zohocorp	Manageengine Admanager Plus	< 7.2
Zohocorp	Manageengine Adaudit Plus	< 7.2
Zohocorp	Manageengine Cloud Security Plus	< 4.1
Zohocorp	Manageengine Datasecurity Plus	< 6.1
Zohocorp	Manageengine Exchange Reporter Plus	< 5.7

Related Weaknesses (CWE)

CWE-200

References

https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html
https://www.tenable.com/security/research/tra-2023-35ExploitThird Party Advisory
https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html
https://www.tenable.com/security/research/tra-2023-35ExploitThird Party Advisory

FAQ

What is CVE-2023-6105?

CVE-2023-6105 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected Ma...

How severe is CVE-2023-6105?

CVE-2023-6105 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-6105?

Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Analytics Plus, Zohocorp Manageengine Appcreator, Zohocorp Manageengine Application Control Plus, Zohocorp Manageengine Browser Security Plus, Zohocorp Manageengine Device Control Plus.