CVE-2016-1159 Information

Description

In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 840084018402) underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://jvn.jp/vu/JVNVU90405898/index.html https://excellium-services.com/cert-xlm-advisory/cve-2016-1159/ https://www.manageengine.com/products/passwordmanagerpro/issues-fixed.html https://www.manageengine.com/products/passwordmanagerpro/release-notes.html

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5