CVE-2016-1159

Published on: 03/09/2020 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:04 PM UTC

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Certain versions of Manageengine Password Manager Pro from Zohocorp contain the following vulnerability:

In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.

  • CVE-2016-1159 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • Affected Vendor/Software: ZOHO - Password Manager Pro (PMP) version 8.3.0 (Build 8303
  • Affected Vendor/Software: ZOHO - Password Manager Pro (PMP) version 8.4.0 (Build 8400
  • Affected Vendor/Software: ZOHO - Password Manager Pro (PMP) version 8401
  • Affected Vendor/Software: ZOHO - Password Manager Pro (PMP) version 8402).

CVSS3 Score: 6.5 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH NONE NONE

CVSS2 Score: 4 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK LOW SINGLE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL NONE NONE

CVE References

Description Tags Link
Privileged Password Management Release Notes | Password Manager Pro Release Notes
www.manageengine.com
text/html
URL Logo MISC www.manageengine.com/products/passwordmanagerpro/release-notes.html
CVE-2016-1159 - Excellium Services Third Party Advisory
excellium-services.com
text/html
URL Logo MISC excellium-services.com/cert-xlm-advisory/cve-2016-1159/
Password Manager Pro - Issues Fixed Vendor Advisory
www.manageengine.com
text/html
URL Logo CONFIRM www.manageengine.com/products/passwordmanagerpro/issues-fixed.html
JVNVU#90405898: ManageEngine Password Manager Pro にアクセス制限不備の脆弱性 Third Party Advisory
jvn.jp
text/xml
URL Logo MISC jvn.jp/vu/JVNVU90405898/index.html

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationZohocorpManageengine Password Manager Pro8.3build8303AllAll
ApplicationZohocorpManageengine Password Manager Pro8.4build8400AllAll
ApplicationZohocorpManageengine Password Manager Pro8.4build8401AllAll
ApplicationZohocorpManageengine Password Manager Pro8.4build8402AllAll
ApplicationZohocorpManageengine Password Manager Pro8.3build8303AllAll
ApplicationZohocorpManageengine Password Manager Pro8.4build8400AllAll
ApplicationZohocorpManageengine Password Manager Pro8.4build8401AllAll
ApplicationZohocorpManageengine Password Manager Pro8.4build8402AllAll
  • cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.3:build8303:*:*:*:*:*:*:
  • cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.4:build8400:*:*:*:*:*:*:
  • cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.4:build8401:*:*:*:*:*:*:
  • cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.4:build8402:*:*:*:*:*:*:
  • cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.3:build8303:*:*:*:*:*:*:
  • cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.4:build8400:*:*:*:*:*:*:
  • cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.4:build8401:*:*:*:*:*:*:
  • cpe:2.3:a:zohocorp:manageengine_password_manager_pro:8.4:build8402:*:*:*:*:*:*: